Changing Web GUI Port Number

To avoid a possible conflict on the standard https port of 443, PAM is installed to use port 6443 for its web GUI (https://server:6443/xtam).

If you want to change this port to something other than 6443, like the standard https port 443, then please follow the steps described in this article.

Before changing the port to 443 make sure that there is no other software running on this port on the operating system (such as MS IIS or Apache HTTPD Server) to avoid port conflicts. If something else is already running on this port, then PAM will fail to start.

Windows

For Windows deployments:

  1. Login to PAM host server and open the file $PAM_HOME/web/conf/server.xml in a text editor.
  2. Search for the exact value port=”6443”. There will be only one matching occurrence of this exact value in the file.

    Changing-Web-GUI.png

  3. Change this value from port=”6443” to port=”443”.

  4. Save and close the file.
  5. Restart the PamManagement service.

When the service fully restarts, your PAM server will be listening on port 443 (https://server:443/xtam or simply https://server/xtam).

Linux with root account

For Linux deployments installed and run with root account:

  1. Login toPAM host server and open the file $PAM_HOME/web/conf/server.xml in a text editor.
  2. Search for the exact value port=”6443”. There will be only one matching occurrence of this exact value in the file.

    Changing-Web-GUI.png

  3. Change this value from port=”6443” to port=”443”.
  4. Save and close the file.
  5. Restart the pammanager service.

Linux with a non-root user account

For Linux deployments installed and run with a non-root user account:

Because PAM was deployed and running with a non-root account, Linux will not allow PAM to be bound to low number port such as 443. In this case, there are two options:

First is to follow the documentation of your operating system and disable this behavior so that Linux will allow a non-root user to bind to the port 443.

We do not recommend this option for production deployments, but for non-production deployments like test, trial or ‘proof of concept’ environments this may be considered.

Second is to leave PAM on its default port 6443 and configure a third party load balancer (revers proxy) to listen on the port 443 and pass through the HTTP traffic to the PAM server.

The below article describes the configuration of Apache HTTPD proxy server to act as a load balancer for two PAM nodes, but the same concept with a single node will serve a single node deployment. You can also use any other load balancer too such as an F5.

 

Load Balancer Configuration for Apache HTTP Server with Sticky Sessions

 

It’s worth noting again, regardless of which option applies to your deployment, before changing the port to 443 make sure that there is no other software running on this port on the operating system (such as MS IIS or Apache HTTPD Server) to avoid port conflicts. If something else is already running on this port, then PAM will fail to start.