I have a Grails 4.0.10 app that I am trying to run on port 443 because when using other port than 443 the port number is displayed in the url bar like this.
https://2.113.139.14:8443/
I can make it run on any other port like 8443 or 8445.
I just changed the port to 8445.
I made the changes here, in application.yml:
server:
port: 8445 # The port to listen on
ssl:
enabled: true # Activate HTTPS mode on the server port
key-store: /home/runner/selfsigned.jks # e.g. /etc/tomcat7/keystore/tomcat.keystore
key-store-password: pepsicola # e.g. changeit
key-alias: tomcat # e.g. tomcat
key-password: pepsicola
In application.groovy
grails.plugin.springsecurity.portMapper.httpPort=8080
grails.plugin.springsecurity.portMapper.httpsPort=8445
production {
grails.logging.jul.usebridge = false
net.authorize.environment = net.authorize.Environment.PRODUCTION
net.authorize.formAction = net.authorize.Environment.PRODUCTION.baseUrl.toString() + '/gateway/transact.dll'
grails.insecureServerURL = "http://2.113.139.14:${grails.plugin.springsecurity.portMapper.httpPort}${grails.app.context}"
grails.serverURL = "https://2.113.139.14:${grails.plugin.springsecurity.portMapper.httpsPort}${grails.app.context}"
In build.gradle
bootRun {
ignoreExitValue true
jvmArgs(
'-Dspring.output.ansi.enabled=always',
'-Duser.timezone=US/Mountain',
'-Dgrails.server.port.https=8445',
'-Dgrails.server.port.http=8080',
// '-Dorg.apache.catalina.session.StandardSession.ACTIVITY_CHECK=true',
'-noverify',
'-XX:TieredStopAtLevel=1',
'-Xmx1024m')
sourceResources sourceSets.main
String springProfilesActive = 'spring.profiles.active'
systemProperty springProfilesActive, System.getProperty(springProfilesActive)
}
But when I make the changes like this to 443, it doesn't work.
In application.yml
server:
servlet:
context-path: '/roadrace'
port: 443 # The port to listen on
ssl:
enabled: true # Activate HTTPS mode on the server port
key-store: /home/runnercard/selfsigned.jks # e.g. /etc/tomcat7/keystore/tomcat.keystore
key-store-password: pepsicola # e.g. changeit
key-alias: tomcat # e.g. tomcat
key-password: pepsicola
In application.groovy
grails.plugin.springsecurity.portMapper.httpPort=8080
grails.plugin.springsecurity.portMapper.httpsPort=443
production {
grails.logging.jul.usebridge = false
net.authorize.environment = net.authorize.Environment.PRODUCTION
net.authorize.formAction = net.authorize.Environment.PRODUCTION.baseUrl.toString() + '/gateway/transact.dll'
grails.insecureServerURL = "http://2.113.139.14:${grails.plugin.springsecurity.portMapper.httpPort}${grails.app.context}"
grails.serverURL = "https://2.113.139.14:${grails.plugin.springsecurity.portMapper.httpsPort}${grails.app.context}"
In build.gradle
bootRun {
ignoreExitValue true
jvmArgs(
'-Dspring.output.ansi.enabled=always',
'-Duser.timezone=US/Mountain',
'-Dgrails.server.port.https=443',
'-Dgrails.server.port.http=8080',
// '-Dorg.apache.catalina.session.StandardSession.ACTIVITY_CHECK=true',
'-noverify',
'-XX:TieredStopAtLevel=1',
'-Xmx1024m')
sourceResources sourceSets.main
String springProfilesActive = 'spring.profiles.active'
systemProperty springProfilesActive, System.getProperty(springProfilesActive)
}
In the server I am running the app as stand-alone Java using the command
java -Xmx6g -Dgrails.env=prod -Duser.timezone=US/Mountain -jar /home/runnercard/RCRoadRaceWeb4.jar
What can I try next?
You have posted in the past about running on Ubuntu, so I'm guessing that's still the case. If not, this may not apply; I'm not sure about port rules on Windows.
Ports 1024 and below are privileged on most systems and require root access to listen. There are several options, the very worst of which is "run your application as root". That is a bad plan and a potentially severe security misconfiguration.
Instead, you may want to look into port forwarding. Assuming you (or someone with system access) has root permissions, you can easily forward all traffic from one port (443) to another (8443).
Once this is in place, you will need to set grails.serverURL property to https://whatever/application (without the port) so that fully qualified links are generated properly.