Versions Compared

Old Version 17

changes.mady.by.user Milton Suen

Saved on

compared with

New Version Current

changes.mady.by.user Aaron Enfield

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Edit /etc/firewalld/zones/public.xml or (swarm-site.xml whichever has the other port rules) and add a rule to allow port 8090 requests. The remainder of the instructions assume port 8090 is used. The result resembles:

    Code Block
    <?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="8009"/>
  <port protocol="tcp" port="8080"/>
  <port protocol="tcp" port="8081"/>
  <port protocol="udp" port="123"/>
  <port protocol="udp" port="514"/>
  <port protocol="tcp" port="514"/>
  <port protocol="tcp" port="8090"/>
  <masquerade/>
</zone>

  2. Reload the firewall rules:

    Code Block
    firewall-cmd --reload

  3. Create a directory to configure port90 files

    Code Block
    mkdir -p /opt/datacore/swarm-port90-console/

  4. Create a configuration file to disable HTTP/1.0 (opt/datacore/swarm-port90-console/disable_http1.0.conf)

    Code Block
    <IfModule mod_rewrite.c>
    RewriteEngine On
    # Block HTTP/1.0 requests
    RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$
    RewriteRule .* - [F,L]
</IfModule>

# Restrict proxy connections to HTTP/1.1
<Proxy *>
    # This block is only necessary if you are configuring proxy settings.
    # Since 'ProxyRequests' should not be in <Proxy> block, configure it elsewhere.
</Proxy>

# Set proxy settings in the main configuration or a VirtualHost
# For instance, you can place this in your main httpd.conf or a VirtualHost config:
ProxyRequests Off
ProxyVia Off

  5. OPTIONAL: if your SCS has internet access, you can skip this step and proceed to step 4. Download the container scs-container-port90-console.tar.gz here and transfer it to the SCS server. Load the container:

    Code Block
    podman load < scs-container-port90-console.tar.gz

  6. Collect the IP address of any Swarm node and replace it in the following command. Install the container:

    Code Block
    podman run -d --name swarm-port90-console --security-opt=seccomp=unconfined -p 8090:8090 -e SCSP_HOST=[Swarm node IP] -v /opt/datacore/swarm-port90-console/disable_http1.0.conf:/etc/httpd/conf.d/block_http1.0.conf:Z docker-repo.tx.caringo.com/quay.io/perifery/caringo-syslog:stable9

  7. Now port 8090 on the SCS server can be used to access Swarm’s port90 console: http://[SCS-IP]:8090

  8. No further actions are required. However, the container does not run when the SCS server is restarted. Continue with the instructions below to configure the container to auto-start.

...

To eliminate the port90 container, execute the following commands to remove it from Podman:

Code Block
podman stop $(podman ps -a | grep swarm-port90-console | awk '{ print $1 }')
podman rm $(podman ps -a | grep swarm-port90-console | awk '{ print $1 }')
systemctl stop swarm-port90-console.service
systemctl disable swarm-port90-console.service

...