Hi Olivier, There aren't any settings in Bono to allow you to do this.
You can use authbind to allow a non-root process to bind to port 443 (rather than giving 'bono' root privileges). You will need to install authbind on your Bono, create authbind files for port 443, and then invoke Bono using authbind. This does require changing the startup scripts though. We made a similar change to Ellis a while back (see https://github.com/Metaswitch/ellis/commit/7f866d163f07a5c33210e2cc32bf25d51d06fafb for an example of the necessary changes to the scripts). If you do decide to make these changes, please do consider contributing them back to Project Clearwater! Ellie -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of DURECU, OLIVIER (OLIVIER) Sent: 15 May 2014 08:09 To: [email protected] Subject: [Clearwater] Using port 443 for Bono Websockets Hi, I have some clients that I would like to connect to Bono that are located behind a HTTP Proxy filtering ports. So the solution is to have Bono listening to websockets connections on port 443 Manually changing the startup script (from /etc/init.d) from port 5062 to port 443 is not enough because bono is launched with a user "bono" who has no root privileges... I try adding bono to the sudo group (sudo usermod -a -G sudo bono) but without success. Still permission denied to bind on 443... I have done an additional hack in the startup script: I removed the -chuid parameter and Bono is now starting as user root and it works fine Do you have any suggestion to do it in a safer way? (ideally through settings to avoid twicking the startup script that may be overwritten by each updates...) Thanks Olivier DURECU Bell Labs / IP Platform Research Villarceaux Center Tel: +33(0) 160402759 GSM: +33(0) 683776482 _______________________________________________ Clearwater mailing list [email protected] http://lists.projectclearwater.org/listinfo/clearwater _______________________________________________ Clearwater mailing list [email protected] http://lists.projectclearwater.org/listinfo/clearwater
