Question & Answer
Question
How do you change the default ports for the different ADMIN servers?
Answer
To change the default port that the ADMIN server listens on, use the setApplicationServerProperties.sh script. To ensure this is available, it is recommended to apply the latest HTTP group PTF:
https://www.ibm.com/support/pages/ibm-i-group-ptfs-level
The original PTFs were provided under APAR SE62564
NOTE: Once the HTTP port is set, the change will persist even if new PTFs are applied. However, the admin port will not. Users will have to issue the script above to set the admin port after PTF apply.
To see what ports are set by default, see the following documentation:
Ports Required for the HTTP Administration Console (ADMIN)
Example of using the script to change port 2002 port used by the ADMIN1 server:
1. End the ADMIN server with the command:
ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
2. On the OS400 command line enter STRQSH
3. Change the working directory:
cd /qibm/proddata/os/applicationserver/bin
4. For the command usage type:
setApplicationServerProperties.sh -h
setApplicationServerProperties.sh
-server 'server-name'
[ -httpPort 'http-port|old-port:new-port' ]
[ -httpsPort 'https-port|old-port:new-port' ]
[ -adminPort 'admin-port' ]
[ -printErrorDetails ] [ -help ]
Where:
-server is the name of the application server whose properties will be
modified.
-httpPort is the HTTP port associated with the application server.
If only a port is specified, the default HTTP port for the server
will be set to the specified value. If a colon delimited value is
specified, the first value specified must exist in the server
configuration and will be replaced by the second value. Valid values
range from 1 to 65535. A value of -1 disables the port. This parameter
is optional.
-httpsPort is the HTTP SSL port associated with the application server.
If only a port is specified, the default HTTP SSL port for the server
will be set to the specified value. If a colon delimited value is
specified, the first value specified must exist in the server
configuration and will be replaced by the second value. Valid values
range from 1 to 65535. A value of -1 disables the port. This parameter
is optional.
-adminPort is the internal administration port associated with the
application server. Valid values range from 0 to 65535. A value of
0 will result in an ephemeral port to be chosen at run time.
This parameter is optional.
-printErrorDetails will show additional error information, such as stack
traces and error codes, if the command fails. This parameter is optional.
-help displays the command syntax. This parameter is optional.
NOTE: If the ADMIN1 server's -adminPort is changed, additional changes will be required to support the proper redirection from port 2001 to the new ADMIN1 adminPort.
When accessing the Admin server via non-TLS port 2001, it is hardcoded to redirect to port 2002.
When accessing the Admin server via TLS port 2010, it is hardcoded to redirect to port 2003.
So the file, /qibm/proddata/httpa/admin/conf/admin-ibm.conf, will need to be edited to redirect to the new port if you want to access the server via http://<server>:2001 or 2010.
STRQSH
cp /qibm/proddata/httpa/admin/conf/admin-ibm.conf /qibm/proddata/httpa/admin/conf/admin-ibm.bak
F12
WRKLNK '/qibm/proddata/httpa/admin/conf/admin-ibm.conf'
Option 2 to edit.
Replace the 2002 port value with the -adminPort value specified on the setApplicationServerProperties.sh script.
RewriteRule ^(.*):2001$ http://$1:2002/Navigator [R,L]
to
RewriteRule ^(.*):2001$ http://$1:NEWPORT/Navigator [R,L]
where NEWPORT is the -adminPort value that was used in the setApplicationServerProperties.sh script.
FYI: Default Admin port block is 2001-2019
IBM i CL command 'NETSTAT *CNN', can be used to view the listening admin ports.
To configure Admin to use TLS, follow technote How to Enable Transport Layer Security (TLS) for the IBM Web Administration Server (HTTPAdmin)
5. Example of changing the ports for a TLS configuration:
=======run scripts for httpPort assignment =========
qsh
cd /qibm/proddata/os/applicationserver/bin
setApplicationServerProperties.sh -server admin1 -httpPort 2002:12002
setApplicationServerProperties.sh -server admin3 -httpPort 2006:12006
setApplicationServerProperties.sh -server admin4 -httpPort 2008:12008
setApplicationServerProperties.sh -server admin5 -httpPort 2011:12011
=======run scripts for httpsPort assignment =========
setApplicationServerProperties.sh -server admin1 -httpsPort 2003:12003
setApplicationServerProperties.sh -server admin3 -httpsPort 2007:12007
setApplicationServerProperties.sh -server admin5 -httpsPort 2012:12012
=====run scripts for adminPort assignment =======
setApplicationServerProperties.sh -server admin1 -adminPort 12015
setApplicationServerProperties.sh -server admin3 -adminPort 12017
setApplicationServerProperties.sh -server admin4 -adminPort 12018
setApplicationServerProperties.sh -server admin5 -adminPort 12019
======= EDTF '/qibm/userdata/httpa/admin/conf/admin-cust.conf' ====to manually add your new target ports====
LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
Listen *:12010
SetEnv HTTPS_PORT 12010
<VirtualHost *:12010>
SSLEngine On
SSLAppName QIBM_HTTP_SERVER_ADMIN
SSLProtocolDisable SSLv2 SSLv3
RewriteEngine On
RewriteOptions Inherit
RewriteRule ^/$ %{HTTP_HOST} [C]
RewriteRule ^(.*):12010$ https://$1:2003/Navigator [R,L]
RewriteRule ^/ibm/console/?$ %{HTTP_HOST} [C]
RewriteRule ^(.*):12010$ https://$1:2005/ibm/console [R,L]
RewriteRule ^/ibm/console/.*$ %{HTTP_HOST} [C]
RewriteRule ^(.*):12010$ https://$1:2005/ibm/console [R,L]
RewriteRule ^/webnav/WnServlet$ %{HTTP_HOST} [C]
RewriteRule ^(.*):12010$ https://$1:2005/ibm/console/xLaunch.do?pageID=com.ibm.i5OS.webnav.navigationElement.WebnavBasePortlet&%{Q
RewriteRule ^/iamobile/?$ %{HTTP_HOST} [C]
RewriteRule ^(.*):12010$ https://$1:2012/iamobile/iWAHome [R,L]
RewriteRule ^/iamobile/(.*)$ %{HTTP_HOST}/iamobile/$1 [C]
RewriteRule ^(.*):12010/iamobile/(.*)$ https://$1:2012/iamobile/$2 [R,L]
RewriteRule ^/IDSWebApp/?$ %{HTTP_HOST} [C]
RewriteRule ^(.*):12010$ https://$1:2005/IDSWebApp/ [R,L]
RewriteRule ^/IDSWebApp/(.*)$ %{HTTP_HOST}/IDSWebApp/$1 [C]
RewriteRule ^(.*):12010/IDSWebApp/(.*)$ https://$1:2005/IDSWebApp/$2 [R,L]
RewriteRule ^/dcm/?$ %{HTTP_HOST} [C]
RewriteRule ^(.*):12010$ https://$1:2007/dcm/ [R,L]
RewriteRule ^/dcm/(.*)$ %{HTTP_HOST}/dcm/$1 [C]
RewriteRule ^(.*):12010/dcm/(.*)$ https://$1:2007/dcm/$2 [R,L]
RewriteRule ^/Navigator/?$ %{HTTP_HOST} [C]
RewriteRule ^(.*):12010$ https://$1:2003/Navigator/ [R,L]
RewriteRule ^/Navigator/(.*)$ %{HTTP_HOST}/Navigator/$1 [C]
RewriteRule ^(.*):12010/Navigator/(.*)$ https://$1:2003/Navigator/$2 [R,L]
</VirtualHost>
6. Start the ADMIN server:
strtcpsvr server(*http) httpsvr(*admin)
Browser url test
https://yoursysname:12010/HTTPAdmin
If problems after ptfs and ALL scripts completed, please submit a QMGTOOLS: HTTPAdmin Collector for IBM i for port validation.
Performance or further customization will be completed under a IBM i Customized Services consulting engagement.
Related Information
Was this topic helpful?
Document Information
Modified date:
10 February 2024
UID
nas8N1021056