Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.
0 votes
After I follow the installation instructions, Headwind MDM is running at port 8080.

How do I run it on port 80? I tried to change the Tomcat port in the config, but it won't work.

Another question is how to use HTTPS and run it on the default HTTPS port 443.
by (2.9k points)

1 Answer

0 votes

Tomcat is running as the "tomcat" user and cannot open ports numbered below 1024 (in particular, 80 or 443). Therefore, it is running on 8080 (http) and 8443 (https).

You need to set up a redirection of ports using iptables.

1. Using the ifconfig command, find the network interface on which TCP traffic from mobile devices arrives.

Usually ifconfig returns two interfaces: the real interface (the identifier is eth0 or something like that) and the loopback interface (lo). TCP traffic is coming to the real interface. If you are unsure, please ask your network administrator.

2. Set up the port redirection by running these commands as root (use sudo if required):

# /sbin/iptables -A PREROUTING -t nat -i <network-interface> -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

# /sbin/iptables -A OUTPUT -t nat -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

In these commands, replace <network-interface> with the interface you found when running ifconfig.

Note that there are two iptables rules: one is for your real network interface and another is for the local interface. The second rule is required so that Headwind MDM can get the APK files from the local URL and process them (see this article for details).

3. If you'd like to use HTTPS as well, add similar rules for port 443:

# /sbin/iptables -A PREROUTING -t nat -i <network-interface> -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443

# /sbin/iptables -A OUTPUT -t nat -o lo -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443

Do not forget to set up the SSL certificate if you're planning to use HTTPS.

4. Make sure Headwind MDM is running on the default ports by opening its URL without specifying the ports 8080 or 8443.

5. Update the URLs in the Headwind MDM XML configuration file (/var/lib/tomcat8/conf/Catalina/localhost/ROOT.xml or .../hmdm.xml), excluding :8080 from URLs.

It is recommended to restart Tomcat after updating the XML configuration by running the command (as root):

# service tomcat8 restart

6. Make the iptables rules permanent so they won't disappear after the server reboots. There are many ways to do that. Here's one possible way.

- Write the iptables commands listed above into a file, for example, /etc/iptables-tomcat.sh.

- Add the executable attribute to that file:

# chmod +x /etc/iptables-tomcat.sh

- Run that file after boot by adding it to cron.

# crontab -e

(a crontab file will be opened in the text editor)

Add the following line:

@reboot /etc/iptables-tomcat.sh

7. Reboot the server and make sure everything is working well.

by (2.9k points)
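
The answer's iptables commands use -A, so running them a second time (a manual run plus the @reboot job) appends duplicate rules. The script below is an added example, not part of the original answer or of Headwind MDM: it generates the same four rules and appends each one only if `iptables -C` reports it missing. The `eth0` default, the `IPTABLES` override variable and the `apply` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent variant of /etc/iptables-tomcat.sh.
# Assumptions (not from the original answer): the "eth0" default,
# the IPTABLES override variable and the "apply" argument.

IPTABLES="${IPTABLES:-/sbin/iptables}"   # full path: cron runs with a minimal PATH

# Print one rule per line: the chain name, then the match/target part.
# $1 = external interface, $2 = "yes" to include the 443 -> 8443 pair.
redirect_rules() {
    iface="$1"; https="${2:-yes}"
    case "$iface" in
        ''|*[!A-Za-z0-9_.:-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    pairs="80:8080"
    if [ "$https" = "yes" ]; then pairs="$pairs 443:8443"; fi
    for pair in $pairs; do
        from="${pair%%:*}"; to="${pair##*:}"
        echo "PREROUTING -i $iface -p tcp -m tcp --dport $from -j REDIRECT --to-ports $to"
        echo "OUTPUT -o lo -p tcp -m tcp --dport $from -j REDIRECT --to-ports $to"
    done
}

# Append a rule only when "iptables -C" says it is not already in the nat
# table, so repeated runs leave exactly one copy of each rule.
apply_rules() {
    rules="$(redirect_rules "$@")" || return 1
    echo "$rules" | while read -r chain spec; do
        # $spec is deliberately unquoted: it must split into separate arguments.
        $IPTABLES -t nat -C "$chain" $spec 2>/dev/null ||
            $IPTABLES -t nat -A "$chain" $spec || exit 1
    done
}

# Touch the firewall only when explicitly asked, for example:
#   /etc/iptables-tomcat.sh apply eth0        (HTTP and HTTPS)
#   /etc/iptables-tomcat.sh apply eth0 no     (HTTP only)
if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-eth0}" "${3:-yes}"
fi
```

With this variant the crontab line becomes `@reboot /etc/iptables-tomcat.sh apply <network-interface>`, and `iptables -t nat -S` shows whether each redirect appears exactly once.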