[Zope] changing port from 9673 default
George Perry
PerryG at esi.com
Fri Nov 7 17:12:19 EST 2003
JCC:
For this application (where I have two dozen users who all know and trust
each other working behind a well maintained firewall), I like your iptables
suggestion better than setting up a proxy web server.
I also appreciate Jamie Heilman's effort in taking the time to make sure I
was aware of the security/stability issues of using a naked zope server.
I tried changing the port to 8080 using /etc/zopectl/zopectlrc (per Jamie's
suggestion that I was failing because I was trying to use a privileged
port), and this silently failed (I still saw the zope intro page being
served on port 9673).
I apologize for only searching the last three month's of the list archive
before posting. I appreciate your time and patience in responding to and
educating me.
Thank you,
George Perry
Electro Scientific Industries
13900 NW Science Park Drive
Portland, OR 97229-5497
(503) 671-5234
-----Original Message-----
From: J. Cameron Cooper [mailto:jccooper at jcameroncooper.com]
Sent: Friday, November 07, 2003 1:25 PM
To: George Perry
Cc: zope at zope.org
Subject: Re: [Zope] changing port from 9673 default
>So changing the port is only an option if you run zope as root?
>
>
You must start Zope as root to bind to a "low" port. It will insist on
being given a regular user to actually run as: read doc/SECURITY.txt.
Another option is using your OS to do it::
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT
--to-port 8080
to get port masquerading from 8080 to 80 (although it won't work on
localhost).
This is an oft-discussed topic on the list, by the way.
--jcc
--
"My point and period will be throughly wrought,
Or well or ill, as this day's battle's fought."
More information about the Zope
mailing list