Change the HTTP and HTTPS ports using firezone-ctl reconfigure

Tylorw1 · July 26, 2022, 9:58pm

Hello,

First, I just wanted to thank you for the unique web gui for wireguard and look forward to new updates and features.

Second, I am having an issue with getting the webserver ports to change from 80/443 to 10350/10351. I change the NGINX settings to below, and run reconfigure. However, it does not change anything. I tried changing the ports manually in NGINX and phoenix (without much success). When I re-ran reconfigure, it again reconfigured with the default 80 and 443 ports.

Is there a config setting I am missing? This is simply being used for home wireguard remote access so the only port forward is 51820.

firezone.rb

default[‘firezone’][‘nginx’][‘enabled’] = true

default[‘firezone’][‘nginx’][‘force_ssl’] = true

default[‘firezone’][‘nginx’][‘non_ssl_port’] = 10350

default[‘firezone’][‘nginx’][‘ssl_port’] = 10351

default[‘firezone’][‘nginx’][‘directory’] = “#{node[‘firezone’][‘var_directory’]}/nginx/etc”

default[‘firezone’][‘nginx’][‘log_directory’] = “#{node[‘firezone’][‘log_directory’]}/nginx”

default[‘firezone’][‘nginx’][‘log_rotation’][‘file_maxbytes’] = 104_857_600

default[‘firezone’][‘nginx’][‘log_rotation’][‘num_to_keep’] = 10

default[‘firezone’][‘nginx’][‘log_x_forwarded_for’] = false

jamil · July 27, 2022, 1:00am

Hi @Tylorw1 — what version of Firezone is this?

Tylorw1 · July 27, 2022, 2:23am

I installed it today using the installation script. firezone-ctl version shows 0.4.6.

jamil · July 27, 2022, 4:16am

Thanks for providing that. Hm, this shouldn’t happening.

Does firezone-ctl reconfigure finish without error?
Does grep 'ssl_port' /etc/firezone/firezone-running.json list the correct ports?
Does netstat -pant show the nginx master process listening on your desired ports?

Tylorw1 · July 27, 2022, 1:40pm

Here is a pastebin of the firezone-ctl reconfigure output. I do not see any error messages present. I also verified in two separate editors that the ports are changed in /etc/firezone/firezone.rb.

grep ‘ssl_port’ /etc/firezone/firezone-running.json:
“non_ssl_port”: 80,
“ssl_port”: 443,

netstat -pant does not show ports 10350 and 10351 in use.

jamil · July 27, 2022, 8:10pm

Very strange. Looks like your port settings are not being picked up. Just making sure — you removed the comment at the beginning of the relevant lines? The #.

Would you mind posting your config? It looks like your changes aren’t seen at all from Chef.

Tylorw1 · July 28, 2022, 12:22pm

I figured it out.

I was not uncommenting the lines correctly, and then it found a couple errors in regard to a missing single quote.

Thank you for your help, and sorry to bug you about this. Though, I guess it is better to know there is not something wrong, and is purely user error.