Introduction
By default, an unsecure HTTP connection will be used for end-user access to Console (port 8081) and communication between the Console and Node packages (port 8082). This page explains how to change the Console and Node running port numbers, for example to enable a secured connection using HTTPS for access to both packages.
Prerequisites
If you intend to change the port numbers in order to enable HTTPS then you must already have a Java keystore file containing the X.509 certificate (from a trusted authority or self-signed) for both packages (i.e. you need two keystore files/certificates). Obtaining the certificate and generating the keystore files are out of the scope of this document. See https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore for more information about importing existing signed X.509 certificates into a keystore and generating new self-signed certificates and storing them in a keystore. Note also that Console/Node supports only the following format keystore types:
PEM type X.509 (.crt/.pem) certificates are not supported and would need to be converted to a format supported by CAST. |
Changing Nodes
Step 1 - Edit aip-node-app.properties
Open the following file with a text editor - this file is available on EACH Node, therefore if you have more than one Node, you will need to make this change on all Nodes that need changing:
<console_installation>\AipNode\data\aip-node-app.properties
Locate the following section of options:
# ============================== # HTTP/HTTPS parameters # ------------------------------ # TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS server.port=8082 # HTTPS activation server.ssl.enabled=false # Definition of the Java keystore where the HTTPS certification is stored server.ssl.key-store=path/to/key_store server.ssl.key-store-password=your_pwd server.ssl.key-alias=alias # HTTP port when HTTPS is enabled. # HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled http.port=80
Modify these options as follows:
server.port | Change this to the required port. If you intend to enable HTTPS communication, CAST highly recommends that you use port 443. |
---|---|
server.ssl.enabled | Change this to true only if you are enabling HTTPS communication, otherwise leave as is. |
server.ssl.key-store | Change this only if you are enabling HTTPS communication, otherwise leave as is. This configures the path (with forward slashes) to the Java keystore containing the X.509 certificate to be used. CAST highly recommends placing the Java keystore in a location outside of protected system folders because this may prevent CAST from accessing the required files. CAST recommends a folder at the root of the system drive ensuring that file permissions are adequate. |
server.ssl.key-store-password | Change this only if you are enabling HTTPS communication, otherwise leave as is. This configures the password to the Java keystore. |
server.ssl.key-alias | Change this only if you are enabling HTTPS communication, otherwise leave as is. This configures the alias of the of the certificate. |
http.port | Change this only if you are enabling HTTPS communication, otherwise leave as is. This configures the port number that will be used when HTTPS is enabled and and an attempt to connect via HTTP is made. Any HTTP connections attempted will be accepted on the configured port and will then be auto redirected to the port configured defined in server.port. |
HTTPS example
# ============================== # HTTP/HTTPS parameters # ------------------------------ # TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS server.port=443 # HTTPS activation server.ssl.enabled=true # Definition of the Java keystore where the HTTPS certification is stored server.ssl.key-store=C:/CAST/CAST_Certificate.jks server.ssl.key-store-password=01234 server.ssl.key-alias=CAST # HTTP port when HTTPS is enabled. # HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled http.port=80
Alternative HTTP example
# ============================== # HTTP/HTTPS parameters # ------------------------------ # TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS server.port=8088 # HTTPS activation server.ssl.enabled=false # Definition of the Java keystore where the HTTPS certification is stored server.ssl.key-store=path/to/key_store server.ssl.key-store-password=your_pwd server.ssl.key-alias=alias # HTTP port when HTTPS is enabled. # HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled http.port=80
Step 2 - Apply the changes
Save the aip-node-app.properties file and then restart the Node to ensure all changes are taken into account:
- If the Node is installed as a Windows Service, restart the service
- If the Node is running only using the batch file, close the CMD window to stop the process, then restart then using the following file:
<console_installation>\AipNode\tools\runAipNode.bat
Step 3 - Update Console
You now need update Console and edit all Nodes where the port number has been changed. Login with a user account that already has the Admin role and switch to the Admin Center:
Move to the Nodes panel:
Edit all Nodes where the port number has changed (the Node name should be displayed in red since Console will not be able to access it following the port number change):
Ensure you update the port number and, if you are changing to HTTPS, ensure you update the scheme from HTTP to HTTPS:
Check that the Nodes are all showing in green:
Changing Console
Step 1 - Edit aipConsole.properties
Open the following file with a text editor:
Windows: <console_installation>\AipConsole\data\aipConsole.properties Linux: $HOME\CAST\AipConsole\data\aipConsole.properties
Locate the following section of options:
# ============================== # HTTP/HTTPS parameters # ------------------------------ # TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS server.port=8081 # HTTPS activation server.ssl.enabled=false # Definition of the Java keystore where the HTTPS certification is stored server.ssl.key-store=path/to/key_store server.ssl.key-store-password=your_pwd server.ssl.key-alias=alias # HTTP port when HTTPS is enabled. # HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled http.port=80
Modify these options as follows:
server.port | Change this to the required port. If you intend to enable HTTPS communication, CAST highly recommends that you use port 443. |
---|---|
server.ssl.enabled | Change this to true only if you are enabling HTTPS communication, otherwise leave as is. |
server.ssl.key-store | Change this only if you are enabling HTTPS communication, otherwise leave as is. This configures the path (with forward slashes) to the Java keystore containing the X.509 certificate to be used. CAST highly recommends placing the Java keystore in a location outside of system folders because this may prevent CAST from accessing the required files. CAST recommends a folder at the root of the system drive ensuring that file permissions are adequate. |
server.ssl.key-store-password | Change this only if you are enabling HTTPS communication, otherwise leave as is. This configures the password to the Java keystore. |
server.ssl.key-alias | Change this only if you are enabling HTTPS communication, otherwise leave as is. This configures the alias of the of the certificate. |
http.port | Change this only if you are enabling HTTPS communication, otherwise leave as is. This configures the port number that will be used when HTTPS is enabled and and an attempt to connect via HTTP is made. Any HTTP connections attempted will be accepted on the configured port and will then be auto redirected to the port configured defined in server.port. |
HTTPS example
# ============================== # HTTP/HTTPS parameters # ------------------------------ # TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS server.port=443 # HTTPS activation server.ssl.enabled=true # Definition of the Java keystore where the HTTPS certification is stored server.ssl.key-store=C:/CAST/CAST_Certificate.jks server.ssl.key-store-password=01234 server.ssl.key-alias=CAST # HTTP port when HTTPS is enabled. # HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled http.port=80
Alternative HTTP example
# ============================== # HTTP/HTTPS parameters # ------------------------------ # TCP port used by the API. Standard is 80 for HTTP, 443 for HTTPS server.port=80 # HTTPS activation server.ssl.enabled=false # Definition of the Java keystore where the HTTPS certification is stored server.ssl.key-store=path/to/key_store server.ssl.key-store-password=your_pwd server.ssl.key-alias=alias # HTTP port when HTTPS is enabled. # HTTP requests to that port will be redirected to HTTPS, if HTTPS is enabled http.port=80
Step 2 - Apply the changes
Save the aipConsole.properties file and then restart the Node to ensure all changes are taken into account:
- If Console is installed as a Windows Service, restart the service
- If Console is running only using the batch file, close the CMD window to stop the process, then restart then using the following file:
<console_installation>\AipConsole\tools\runAIPConsole.bat
Step 3 - Test access
Browse to the Console using the new URL, for example:
HTTPS - 443: https://<server>/ui/index.html#/ Alternative HTTP - 80: http://<server>/ui/index.html#/