No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Local HA System Software Installation Guide (SUSE Linux + Oracle + Veritas) 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Disable the HTTP Port for Accessing eSight

How Do I Disable the HTTP Port for Accessing eSight

Question

You can disable the HTTP port for accessing eSight. Disabling the HTTP port exerts the following impacts:
  • The HTTP port 8080 cannot be used to access eSight.
  • The HTTP port 8088 cannot be used to access the maintenance tool.
  • The HTTP port 8087 cannot be used for single sign-on (SSO) authentication.

Answer

  • You are advised to back up the files before modifying them.
  • For a high-availability system, the following operations should be performed on the active server.
  1. Stop eSight.
  2. Modify the sso.xml file.

    1. Access the Installation directory/AppBase/etc/oms.sso directory.
    2. Open the sso.xml file and change the content of the <param/> label of the name="close-http-port" attribute to true. The following is an example:
      <param name="close-http-port">true</param>

  3. Modify the esightsso.ssoclient.ext.xml file.

    1. Access the Installation directory/AppBase/etc/oms.sso/ext directory.
    2. Open the esightsso.ssoclient.ext.xml file, find the <param/> label of the name="private" attribute, change http in the URL to https, and change the port number to 31942.

      In the following example, 10.120.46.158 is used as an example. Replace it with the actual IP address.

      <?xml version="1.0" encoding="UTF-8"?>
      <config name="oms">
          <!-- Single Sign On -->
          <config name="sso">
              <config name="client">
                  <param name="enabled">true</param>
                  <param name="isShowWhiteListPage">false</param>
              </config>
              <config name="servers">
                  <config name="server">
                      <param name="entryAddressMapping">10.120.46.158</param>
                      <param name="name">10.120.46.158:8087</param>
                      <param name="public">https://10.120.46.158:31942/sso</param>
                      <param name="private">https://10.120.46.158:31942/sso</param>
                      <param name="logout">https://10.120.46.158:31942/sso/logout</param>
                  </config>
                  <config name="server">
                      <param name="entryAddressMapping">10.120.46.158</param>
                      <param name="name">10.120.46.158:8087</param>
                      <param name="public">https://10.120.46.158:31942/sso</param>
                      <param name="private">https://10.120.46.158:31942/sso</param>
                      <param name="logout">https://10.120.46.158:31942/sso/logout</param>
                  </config>
              </config>
          </config>
      </config>

  4. Modify the ssoclient.xml file.

    1. Access the Installation directory/AppBase/etc/oms.sso directory.
    2. Open the ssoclient.xml file, find the <param/> label of the name="private" attribute, change http in the URL to https, and change the port number to 31942.

      In the following example, 10.120.46.158 is used as an example. Replace it with the actual IP address.

      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <config name="oms">
          <!-- Single Sign On -->
          <config name="sso">
              <config name="client">
                  <param name="enabled">false</param>
                  <param name="isLocalsso">true</param>
                  <param name="isShowWhiteListPage">false</param>
              </config>
              <config name="servers">
                  <config name="upper_layer_server">
                      <param name="name">10.120.46.158:8087</param>
                      <param name="public">https://10.120.46.158:31942/sso</param>
                      <param name="private">https://10.120.46.158:31942/sso</param>
                      <param name="logout">https://10.120.46.158:31942/sso/logout</param>
                  </config>
                  <config name="server">
                      <param name="name">10.120.46.158:8087</param>
                      <param name="public">https://10.120.46.158:31942/sso</param>
                      <param name="private">https://10.120.46.158:31942/sso</param>
                      <param name="logout">https://10.120.46.158:31942/sso/logout</param>
                  </config>
              </config>
          </config>
      </config>

  5. Modify the nginx.conf file.

    1. Access the Installation directory/AppBase/3rdparty/nginx/conf directory.
    2. Open the nginx.conf file, find the following content, and use the number sign (#) to comment it out.
      In the following example, 10.120.46.158 is used as an example. Replace it with the actual IP address.
      #server {
              #nginx.........
      #        listen   10.120.46.158:8080;
      #        server_name  localhost;
      #        rewrite ^(.*)$  https://$host:31943$1 permanent;
      #        if ($request_method !~ ^(GET|POST|HEAD|PUT|DELETE)$ )
      #{
      #            return 444;
      #}
      #}

  6. Modify the roa.inst.xml file.

    1. Access the Installation directory/mttools/etc/iemp.framework directory.
    2. Open the roa.inst.xml file, find the following content, and use the <!-- --> symbol to comment it out.

      In the following example, 10.120.46.158 is used as an example. Replace it with the actual IP address.

      <!--connector name="httpport" type="http">
                <property name="ip" value="10.120.46.158" />
                <property name="port" value="8088" />
                <property name="maxAcceptor" value="5" /
      </connector-->
      
      
      <!--connector name="httpIPV6port" type="http" allowedModel="ipall">
      ?<property name="ip" value="2000:0:0:0:0:0:0:83" />
      ?<property name="port" value="8088" />
      ?<property name="ipModel" value="ipall" />
      ?<property name="maxAcceptor" value="5" />
      </connector-->
      

  7. Start eSight for the modification to take effect.
Translation
Download
Updated: 2019-10-30

Document ID: EDOC1100044372

Views: 29810

Downloads: 26

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next