is it possible for indy10 https to work on port not 443?
Michael Collier:
I'm using indylaz 10.6.2.549 , lazarus 2.0.0 , FPC 3.3.1
Using TIdHTTPServer to run a secure web server implementing letsencrypt/certbot certificates.
When I bind to port 443, everything runs fine..
--- Code: Pascal ---
b := FHTTPServerObject.Bindings.Add();
b.IP := f_ip_address ;
b.port := f_port ; // 443 is the only value that seems to work
But when I try binding different port numbers my browser won't connect. I don't get any errors when running in the debugger. If I remove HTTPS and just use HTTP then my browser will connect, so it seems that things are running under the hood.
I'm not sure if I'm doing something wrong in my code or if I need to do something different when creating certificates?
Note: I remember doing this before a few months back on a windows7 laptop which I will dig out, recharge and fire up, I think it worked on that, it was a previous version of indy. Also I'm currently doing this on a raspberryPI3 running raspbian..
Thanks..
korba812:
You must have root privileges to start server with port below 1024
https://stackoverflow.com/questions/10182798/why-are-ports-below-1024-privileged
Michael Collier:
Hi korba812
I'm using sudo at the command line when I start Lazarus (to run my app through debugger), and also using sudo when I run the app outside the debugger.
(In fact I seemed to need this in order to access the SSL certificate but I don't mind)
Port 443 works ok, the port(s) I'm attempting to use are above 8000 so I guess should be ok?
Thaddy:
port 443 is as per RFC 1700 the https reserved port number.
But indeed, it is possible to use a high port number and still use https.
Michael Collier:
Hi Thaddy
Thanks, yep, I just tried a pre-compiled version of my app on a windows-10 PC and it does allow several high port numbers for https. This version was compiled using an earlier version of indy so I'll update indy and retry.
On the RPI3 device, I installed nmap and after opening my app to listen on 8443 executed this:
--- Code: Pascal ---
nmap -p 8443 192.168.1.90
..the output was:
--- Code: Pascal ---
8443/tcp open https-alt
So nmap seems to be saying that 8443 is being used ok.
I put a break-point in my source code for requests..
When I try to connect using standard port 443 the debugger stops on my breakpoint, but when I attempt to connect from my browser using port 8443 the debugger does not stop.
So it seems there is something going wrong between the browser and the application?
There is no firewall installed on the RPI but I did a quick check:
--- Code: Pascal ---
sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
and in any event I'm opening the browser on the local RPI so I'm not having to go through routers and still not connecting, so this seems strange to me..??
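
An `open` result from a plain nmap port scan only shows that something accepts TCP connections; the `https-alt` label is nmap's table name for port 8443, not evidence of a completed TLS handshake. The following Python check is an added example, not code from any post in this thread: it reports whether a listener answers a TLS handshake or plain HTTP (the function name `probe_port` is chosen for this example; the address and port in the usage line are the ones quoted above).

```python
import socket
import ssl


def probe_port(host, port, timeout=3.0):
    """Return (kind, detail); kind is 'tls', 'plain-http', 'closed' or 'unknown'."""
    # Step 1: attempt a TLS handshake. Certificate checks are switched off
    # because the question is only "does this port speak TLS at all?".
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "tls", tls.version()
    except ConnectionRefusedError:
        return "closed", None  # nothing is listening
    except OSError:
        pass  # listener exists but the handshake failed or timed out

    # Step 2: same port, plain HTTP. A reply here means the server is
    # listening without TLS, which a browser using https:// cannot use.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            reply = raw.recv(16)
    except OSError:
        return "unknown", None
    if reply.startswith(b"HTTP/"):
        return "plain-http", reply.split(b" ")[0].decode()
    return "unknown", None


if __name__ == "__main__":
    # Address and port as quoted in the post above.
    print(probe_port("192.168.1.90", 8443))
```

A `plain-http` result on the port that was meant to serve HTTPS means the server accepted the binding but is not negotiating TLS on it; `tls` means the handshake works and the problem lies elsewhere.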