RFC: New default port for smart-proxy

Background

Over in "Adding Katello to a Foreman Install", the discrepancy between Foreman and Katello’s default ports is discussed. Part of the change entails freeing up the Foreman default for smart-proxy (8443) on Katello installs by moving Candlepin to port 23443 and moving the reverse proxy on a foreman-proxy to 443, the latter still needing a few more releases before we can fully drop it.

Considerations

One consideration we have been discussing has been what to do about the installations, documentation and user bases that are used to the smart-proxy port being on 8443 vs being on 9090.

Another consideration is the overloaded use of ports 8443 (e.g. Java’s default) or 9090 (Cockpit’s default) in the broader ecosystem.

Proposal

Choose a new (“unused”) default port for the smart-proxy that would be used across the ecosystem. This port would be converged towards by both Foreman and Katello from a new installation perspective and where applicable for upgrades to bring standardization. This would drop the use of 8443 and 9090 as standard ports used for the smart-proxy and free them up for their more traditional use cases.

Open Questions

  1. What port number should be used?
  2. Should we request a reserved port number?

2 Likes

No suggestion for a port, but we should also keep SELinux in mind when choosing a port.

1 Like

To the best of my understanding, we can pick any port in the range of 1024-49151 that is not listed as used on the Service Name and Transport Protocol Port Number Registry, so e.g. 19090 seems to be free?

And yes, SELinux will require changes.

I would also double-check that no software uses the port even without a reservation, for example by doing a quick Google search or using a list which includes unofficial use, like List of TCP and UDP port numbers - Wikipedia.

(As I know at least one piece of software which does so, and which has had a ticket open from me to make a proper reservation for several years.)

But yes, 19090 does not have a reservation at IANA, has no unofficial use (or at least I did not find any), and from an SELinux perspective is only unreserved_port_t, so assigning a context would be no problem.
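The checks described in the posts above (user-port range, IANA registry lookup, SELinux port type), as an added example that is not part of the original thread. The sample rows are constructed in the layout of the IANA CSV export and of `semanage port -l` output, and the function names and the "narrowest range wins" rule for overlapping SELinux entries are assumptions made for illustration.

```python
import csv, io

# Constructed rows in the layout of the IANA registry CSV (not real registry data).
IANA_CSV = """Service Name,Port Number,Transport Protocol,Description
example-a,8443,tcp,Constructed entry
example-b,9090,tcp,Constructed entry
example-c,19000-19007,tcp,Constructed range entry
,19008-19190,,Unassigned
"""
# Constructed lines in the layout of `semanage port -l` output.
SEMANAGE = """SELinux Port Type              Proto    Port Number
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
websm_port_t                   tcp      9090
unreserved_port_t              tcp      61000-65535, 1024-32767
"""

def span(text):
    """Turn '8443' or '19000-19007' into an inclusive (low, high) pair."""
    low, _, high = text.strip().partition("-")
    return int(low), int(high or low)

def iana_assigned(port, proto="tcp", data=IANA_CSV):
    """Service names registered for port/proto; 'Unassigned' rows are skipped."""
    hits = []
    for row in csv.DictReader(io.StringIO(data)):
        if (not row["Port Number"] or row["Description"] == "Unassigned"
                or row["Transport Protocol"] != proto):
            continue
        low, high = span(row["Port Number"])
        if low <= port <= high:
            hits.append(row["Service Name"])
    return hits

def selinux_type(port, proto="tcp", data=SEMANAGE):
    """SELinux port type covering port; the narrowest matching range wins."""
    best = None
    for line in data.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3 or fields[1] != proto:  # also skips the header line
            continue
        for low, high in map(span, fields[2].split(",")):
            if low <= port <= high and (best is None or high - low < best[0]):
                best = (high - low, fields[0])
    return best[1] if best else None

def is_candidate(port):
    """User-port range, no IANA assignment, and still only unreserved_port_t."""
    return (1024 <= port <= 49151 and not iana_assigned(port)
            and selinux_type(port) == "unreserved_port_t")
```

To run it against a real host, replace the two sample strings with the downloaded registry CSV and the captured `semanage port -l` output; unofficial use still needs the manual check mentioned above.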

65,535 ports ought to be enough for anybody.

1 Like

And yet everyone is using 8080 and 8443 :smirk_cat:

1 Like