Page tree
Skip to end of metadata
Go to start of metadata

Summary: this page describes how to change Console and Node running port numbers, for example to enable HTTPS.

Introduction

By default, an unsecure HTTP connection will be used for end-user access to the AIP Console (port 8081) and communication between the AIP Console and AIP Node packages (port 8082). This page explains how to change the Console and Node running port numbers, for example to enable a secured connection using HTTPS for access to both packages.

Prerequisites

(tick)

If you intend to change the port numbers in order to enable HTTPS then you must already have a Java keystore file containing the X.509 certificate (from a trusted authority) for both packages (i.e. you need two keystore files/certificates). Obtaining the certificate and generating the keystore files are out of the scope of this document. See https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore for more information about importing existing signed X.509 certificates into a keystore and generating new self-signed certificates and storing them in a keystore.

Note also that AIP Console/AIP Node support only the following format keystores:

  • JKS
  • PKCS11
  • PKCS12

Changing AIP Nodes

Step 1 - Edit aip-node-app.properties

Open the following file with a text editor - this file is available on EACH AIP Node, therefore if you have more than one AIP Node, you will need to make this change on all AIP Nodes that need changing:

<AIP_console_installation>\AipNode\data\aip-node-app.properties

Locate the following section of options:

# ==============================
# HTTP/HTTPS parameters 
# ------------------------------
# TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS
server.port=8082
# HTTPS activation
server.ssl.enabled=false
# Definition of the Java keystore where the HTTPS certification is stored
server.ssl.key-store=path/to/key_store
server.ssl.key-store-password=your_pwd
server.ssl.key-alias=alias
# HTTP port when HTTPS is enabled. 
# HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled
http.port=80

Modify these options as follows:

server.portChange this to the required port. If you intend to enable HTTPS communication, CAST highly recommends that you use port 443.
server.ssl.enabledChange this to true only if you are enabling HTTPS communication, otherwise leave as is.
server.ssl.key-storeChange this only if you are enabling HTTPS communication, otherwise leave as is. This configures the path (with forward slashes) to the Java keystore containing the X.509 certificate to be used.
server.ssl.key-store-passwordChange this only if you are enabling HTTPS communication, otherwise leave as is. This configures the password to the Java keystore.
server.ssl.key-aliasChange this only if you are enabling HTTPS communication, otherwise leave as is. This configures the alias of the of the certificate.
http.portChange this only if you are enabling HTTPS communication, otherwise leave as is. This configures the port number that will be used when HTTPS is enabled and and an attempt to connect via HTTP is made. Any HTTP connections attempted will be accepted on the configured port and will then be auto redirected to the port configured defined in server.port.

HTTPS example 

# ==============================
# HTTP/HTTPS parameters 
# ------------------------------
# TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS
server.port=443
# HTTPS activation
server.ssl.enabled=true
# Definition of the Java keystore where the HTTPS certification is stored
server.ssl.key-store=C:/CAST/CAST_Certificate.jks
server.ssl.key-store-password=01234
server.ssl.key-alias=CAST
# HTTP port when HTTPS is enabled. 
# HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled
http.port=80

Alternative HTTP example

# ==============================
# HTTP/HTTPS parameters 
# ------------------------------
# TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS
server.port=8088
# HTTPS activation
server.ssl.enabled=false
# Definition of the Java keystore where the HTTPS certification is stored
server.ssl.key-store=path/to/key_store
server.ssl.key-store-password=your_pwd
server.ssl.key-alias=alias
# HTTP port when HTTPS is enabled. 
# HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled
http.port=80

Step 2 - Apply the changes

Save the aip-node-app.properties file and then restart the AIP Node to ensure all changes are taken into account:

  • If the AIP Node is installed as a Windows Service, restart the service
  • If the AIP Node is running only using the batch file, close the CMD window to stop the process, then restart then using the following file:
<AIP_console_installation>\AipNode\tools\runAipNode.bat

Step 3 - Update AIP Console

You now need update AIP Console and edit all AIP Nodes where the port number has been changed. Login with a user account that already has the Admin role and switch to the Admin Center:

Move to the Nodes panel:

Edit all AIP Nodes where the port number has changed (the Node name should be displayed in red since AIP Console will not be able to access it following the port number change):

Ensure you update the port number and, if you are changing to HTTPS, ensure you update the scheme from HTTP to HTTPS:

Check that the Nodes are all showing in green:

Changing AIP Console

Step 1 - Edit aipConsole.properties

Open the following file with a text editor:

Windows:
<AIP_console_installation>\AipConsole\data\aipConsole.properties

Linux:
$HOME\CAST\AipConsole\data\aipConsole.properties

Locate the following section of options:

# ==============================
# HTTP/HTTPS parameters
# ------------------------------
# TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS
server.port=8081
# HTTPS activation
server.ssl.enabled=false
# Definition of the Java keystore where the HTTPS certification is stored
server.ssl.key-store=path/to/key_store
server.ssl.key-store-password=your_pwd
server.ssl.key-alias=alias
# HTTP port when HTTPS is enabled.
# HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled
http.port=80

Modify these options as follows:

server.portChange this to the required port. If you intend to enable HTTPS communication, CAST highly recommends that you use port 443.
server.ssl.enabledChange this to true only if you are enabling HTTPS communication, otherwise leave as is.
server.ssl.key-storeChange this only if you are enabling HTTPS communication, otherwise leave as is. This configures the path (with forward slashes) to the Java keystore containing the X.509 certificate to be used.
server.ssl.key-store-passwordChange this only if you are enabling HTTPS communication, otherwise leave as is. This configures the password to the Java keystore.
server.ssl.key-aliasChange this only if you are enabling HTTPS communication, otherwise leave as is. This configures the alias of the of the certificate.
http.portChange this only if you are enabling HTTPS communication, otherwise leave as is. This configures the port number that will be used when HTTPS is enabled and and an attempt to connect via HTTP is made. Any HTTP connections attempted will be accepted on the configured port and will then be auto redirected to the port configured defined in server.port.

HTTPS example 

# ==============================
# HTTP/HTTPS parameters 
# ------------------------------
# TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS
server.port=443
# HTTPS activation
server.ssl.enabled=true
# Definition of the Java keystore where the HTTPS certification is stored
server.ssl.key-store=C:/CAST/CAST_Certificate.jks
server.ssl.key-store-password=01234
server.ssl.key-alias=CAST
# HTTP port when HTTPS is enabled. 
# HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled
http.port=80

Alternative HTTP example

# ==============================
# HTTP/HTTPS parameters 
# ------------------------------
# TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS
server.port=80
# HTTPS activation
server.ssl.enabled=false
# Definition of the Java keystore where the HTTPS certification is stored
server.ssl.key-store=path/to/key_store
server.ssl.key-store-password=your_pwd
server.ssl.key-alias=alias
# HTTP port when HTTPS is enabled. 
# HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled
http.port=80

Step 2 - Apply the changes

Save the aipConsole.properties file and then restart the AIP Node to ensure all changes are taken into account:

  • If AIP Console is installed as a Windows Service, restart the service
  • If AIP Console is running only using the batch file, close the CMD window to stop the process, then restart then using the following file:
<AIP_console_installation>\AipConsole\tools\runAIPConsole.bat

Step 3 - Test access

Browse to the AIP Console using the new URL, for example:

HTTPS - 443: https://<server>/ui/index.html#/
Alternative HTTP - 80: http://<server>/ui/index.html#/
  • No labels