I've seen the other questions regarding this topic and only the Solaris question & answer get close.
I am looking to change the default port Splunkweb runs on from 8000 to 80 for obvious usability reasons. I start Splunk as user "splunk" so naturally the user can't start processes on port 80.
Is there a work around for this outside of using a server/device to translate 8000 to 80 (ie> Apache)?
Note: Having the server start up as root is out of the question due to security concerns.
Binding privileged ports as a non-root user involves different solutions depending on your platform. A decent writeup can be found here:
Many customers elect to use a web proxy like Apache, the most commonly available service, to proxy port 80 through to Splunk on port 8000. This passes on the binding responsibility to Apache so one does not have to configure the splunk
user. A template for doing this can be found in the Splunk documentation for configuring SSO.
You could also use some sort of port redirection method to connect incoming connections on 80 to the nonpriveledged port, but this forgoes some of the security advantages of using a low port (it's hard for local users to spoof your service if they don't have the capability.)
Personally I'd rather use either of the two options outlined by Johnvey.
Binding privileged ports as a non-root user involves different solutions depending on your platform. A decent writeup can be found here:
Many customers elect to use a web proxy like Apache, the most commonly available service, to proxy port 80 through to Splunk on port 8000. This passes on the binding responsibility to Apache so one does not have to configure the splunk
user. A template for doing this can be found in the Splunk documentation for configuring SSO.
Yeah I've already implemented a proxy in the past so I'm well aware that it's a viable solution but I am trying to minimize dependencies for Splunkweb being accessible.
I definitely need to check into setcap as that is new to me and from that thread it appears that's the solution I am looking for.
You should be able to modify the web.conf
with the following setting:
[settings] httpport = 80
The question isn't about how to configure Splunk to run on port 80, it's about how to configure the OS so that the Splunk user is allowed to bind to that port.
By default, port 80 is in the 'restricted' list of ports, so only the root user, and possibly other privileged users are allowed access it. The restricted ports are 1024 and lower