cancel
Showing results for 
Search instead for 
Did you mean: 

HTTP provider service of the Java dispatcher cannot be bound to port 443

Former Member
0 Kudos

Hi all,

I am running NW04s SPS09 on Linux. I would like to have the HTTPS connections to be established on TCP port 443, thus I modified the Ports property of the http service of the dispatcher as follows:

Ports = (Port:50000,Type:http)(Port:443,Type:ssl)

Doing so, I listed all ports used by the instance and this is what I get:

Ports used by the ClusterManager:

50000 --> http

50002 --> iiop

50003 --> iiop|ssl

50004 --> p4

50005 --> p4|httptunneling

50006 --> p4|ssl

50007 --> iiop

50008 --> telnet

50010 --> jms_provider

i.e. there is no port for the http|ssl .

If I reset the Ports property to its default value I get:

Ports used by the ClusterManager:

50000 --> http

50001 --> http|ssl

50002 --> iiop

50003 --> iiop|ssl

50004 --> p4

50005 --> p4|httptunneling

50006 --> p4|ssl

50007 --> iiop

50008 --> telnet

50010 --> jms_provider

Obviously, there is some problem with binding to ports < 1024, which in UNIX OSs requires root user privileges.

Does anyone know how this can be configured?

Thanks in advance,

Stoimen Gerenski

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Assuming this is a JAVA only system, you need to enable SSL by requesting certificate, getting it signed by CA and importing it in the KeyStorage (ssl_credentials). Once this is done, goto DIspatcher - HTTP Provider and check if it now lists your active socket connection on port 443. Also change the default ssl-credential to the new SSL certificate you added.

Once this is done, run a netstat command to check if port 443 is listening by jlaunch.exe procedd.

If you have an ABAP+JAVA system, then it is a different story. (Hint: If you have configured your ICM to listen on port 443, you cannot assign the same port for your Java dispatcher.)

Regards,

Fahad

Former Member
0 Kudos

Fahad,

Thanks for your input, but I already tried what you are suggesting. netstat is not showing tcp port 443 as open. I read some posts in the forums discussing the same issue and it seems that the solution is to use proxy or firewall/translation.

However, I thought that it would be easier not to use such additional techniques and make the system listen to TCP 443...

Regards,

Stoimen

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi!

Not entirely sure for the service you mentioned, but for quite a lot of the SAP functinoalities on Unix you need to use/activate External Bind to be able to use ports with numbers below 1024. Please check SAP documentation in this regard.

Why don't you use a sapwebdisp in front? Might help to faciliate things in the future as well if you have several application servers.

Regards,

Jörg

Former Member
0 Kudos

Hi,

I saw there is such an external binding program for ICM, but unfortunately, I couldn't find a procedure/information about how and with what I can do the same for the Java dispatcher...

Obviously, I will have to use another approach. I am currently testing how it works if I use iptables to translate the port number in the TCP packets. It is has been working fine so far...

Thanks,

Stoimen

Former Member
0 Kudos

Hi!

If using iptables suits you that should be fine, although I have no idea if this is officially 'supported'.

It's generaly advisable though to have a loadbalancing layer in front of the Portal, which presents a consistens URL to the outside and allows you to change things in the background without changing outisde URLs. A sapwebdisp could do that for you and sapwebdisp definitely supports the external bind.

Regards,

Jörg

Former Member
0 Kudos

Hi,

Thanks all for the input.

Regards,

Stoimen