If you make a request for http://your-server:8153/go/api/support and look
for "*System Properties*"  and "*Input Arguments*", do you see the property
*cruise.server.ssl.port* set to port 8080, if not there's likely a problem
reading /etc/default/go-server.

On Thu, Sep 14, 2017 at 7:14 PM David Newhook <[email protected]> wrote:

> Hi there,
>
> I don't seem to be able to change the SSL listen port to 8080 for GOCD
> server deployed with RPMs on RHEL 7.3 (GOCD 17.10 tested).
>
> I have configured GO_SERVER_SSL_PORT to be 8080 in /etc/default/go-server
> as follows:
>
> GO_SERVER_PORT=8153
> GO_SERVER_SSL_PORT=8080
> SERVER_WORK_DIR=/var/lib/go-server
> DAEMON=Y
>
> I am using my own SSL cert as documented in
> https://docs.gocd.org/17.10.0/installation/ssl_tls/custom_server_certificate.html
> but have observed the same behaviour in an experimental build of 17.11
> <https://build.gocd.org/go/files/installers-PR/633/dist/1/dist/dist/rpm/go-server-17.11.0-5387.noarch.rpm>
> where I used the default self-signed certificate.  Using Firefox or curl -
> I'm always redirected from the 8080 port set to 8443 when not
> authenticated.  The following curl statement is run on the gocd server.
> 'gocd-server' in /etc/hosts points to the IP address of the GOCD server
> (192.168.178.15).  No proxies configured.
>
> gocd-server:root:/root # curl --cacert ca.crt -v https://gocd-server:8080/
> go/home
> * About to connect() to gocd-server port 8080 (#0)
> *   Trying 192.168.178.15...
> * Connected to gocd-server (192.168.178.15) port 8080 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> *   CAfile: ca.crt
>   CApath: none
> * NSS: client certificate not found (nickname not specified)
> * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> * Server certificate:
> *       subject: CN=gocd-server
> *       start date: Sep 06 12:22:28 2017 GMT
> *       expire date: Sep 06 12:22:28 2022 GMT
> *       common name: gocd-server
> *       issuer: CN=My CA
> > GET /go/home HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: gocd-server:8080
> > Accept: */*
> >
> < HTTP/1.1 302 Found
> < Date: Thu, 14 Sep 2017 13:12:14 GMT
> < Set-Cookie: JSESSIONID=orh3ia1v4s1dpnefhc2v2evp;Path=/go;Expires=Thu,
> 28-Sep-2017 13:12:14 GMT;Secure;HttpOnly
> < Expires: Thu, 01 Jan 1970 00:00:00 GMT
> < Location: https://gocd-server:8443/go/auth/login
> < Content-Length: 0
> <
> * Connection #0 to host gocd-server left intact
>
> Strangely no problem with other ports (9000 and 8081 tested).
> gocd-server:root:/root # curl --cacert ca.crt -v https://gocd-server:8081/
> go/home
> * About to connect() to gocd-server port 8081 (#0)
> *   Trying 192.168.178.15...
> * Connected to gocd-server (192.168.178.15) port 8081 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> *   CAfile: ca.crt
>   CApath: none
> * NSS: client certificate not found (nickname not specified)
> * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> * Server certificate:
> *       subject: CN=gocd-server
> *       start date: Sep 06 12:22:28 2017 GMT
> *       expire date: Sep 06 12:22:28 2022 GMT
> *       common name: gocd-server
> *       issuer: CN=Puppet CA: config.shared.sp.vodafone.com
> > GET /go/home HTTP/1.1
> > User-Agent: curl/7.29.0
> > Host: gocd-server:8081
> > Accept: */*
> >
> < HTTP/1.1 302 Found
> < Date: Thu, 14 Sep 2017 13:34:05 GMT
> < Set-Cookie: JSESSIONID=1dt9ank0ghnd7aluwlheptn3f;Path=/go;Expires=Thu,
> 28-Sep-2017 13:34:05 GMT;Secure;HttpOnly
> < Expires: Thu, 01 Jan 1970 00:00:00 GMT
> < Location: https://gocd-server:8081/go/auth/login
> < Content-Length: 0
> <
> * Connection #0 to host gocd-server left intact
>
> SELinux is running in permissive mode - not seeing anything in the audit
> log.  Is this just an issue with my environment?
>
> Kind Regards,
>
> David
>
> --
> You received this message because you are subscribed to the Google Groups
> "go-cd" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to