Changing the ports used by the nginx container with Podman
By default, the Cyberwatch application is exposed on ports 8080 (HTTP) and 8443 (HTTPS). There are several methods for changing this behavior and making the application accessible on the standard ports 80 and 443:
Port redirection via the firewall (recommended)
This method allows you to keep the application configuration as is (listening on 8080 and 8443), while making it accessible on 80 and 443 from the outside.
With firewalld:
# Redirect port 80 to 8080
sudo firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
# Redirect port 443 to 8443
sudo firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443
The application should now be accessible. To make this change permanent on reboot:
sudo firewall-cmd --runtime-to-permanent
With iptables:
# Redirect port 80 to 8080
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
# Redirect port 443 to 8443
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
The application should now be accessible. To make this change permanent on reboot:
sudo iptables-save | sudo tee /etc/iptables/rules.v4
Expose the nginx container on ports 80 and 443
Warning! This method is not recommended because it allows any user to open services on important ports. Use with caution.
- Allow a non-privileged user to use ports < 1024
sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80
To make the change permanent on reboot:
echo "net.ipv4.ip_unprivileged_port_start=80" | sudo tee /etc/sysctl.d/99-unprivileged-ports.conf
sudo sysctl --system
- Edit the file
/etc/cyberwatch/config.env
Edit variables NGINX_HTTP_PORT and NGINX_HTTPS_PORT with:
NGINX_HTTP_PORT=80
NGINX_HTTPS_PORT=443
- Restart Cyberwatch
# With root user
sudo cyberwatch restart
# With the cyberwatch user
cyberwatch restart