Is tcp/80 needed for Katello?

Hi, very simple question: is tcp/80 access needed from a host to the Katello server to download repositories? We have a new VLAN and security doesn't want tcp/80 to be allowed; however, without it I can't get Katello to work on this VLAN.

It depends. Technically there are a few reasons why it’s used.

First of all, many provisioning systems don’t work over HTTPS, so Foreman defaults its unattended_url to HTTP. If you don’t provision with kickstart/preseed/etc. or can get them to work with HTTPS, then it’s not needed.

For new host registration there is also /pub where there’s an RPM. This method is deprecated and also available over HTTPS. However, in some places tooling may still print the URL using HTTP and not HTTPS. Starting with RHEL 9 it may also retrieve this RPM if you provide it with a server URL. In that case, be sure to enter the HTTPS URL because I think a hostname will default to HTTP.

You may also find more issues because it’s a scenario we don’t really test that much. Most of the Foreman application redirects to HTTPS anyway.