Jump to: navigation, search

Restricting Ports

You can control access to GMS APIs by configuring your firewall to allow or block other hosts (such as public internet, intranet, specific IP addresses, and so on) from accessing TCP/IP ports on the host where GMS is running.

You can configure and enable port control through the following process:

  1. Set configuration options.
  2. Paste code snippet into the jetty-http.xml file.
  3. Restart GMS.

Configuration

Configuration Options

You can control port access to GMS APIs by adding a port_restrictions section in the GMS configuration, at the node level or cluster level. This section is optional and not defined in the default template. The content of this section is a list of key/values. Where key is an URI pattern (/genesys/1/storage/*, /genesys/1/service/*, /genesys/1/service/request-interaction, and so on), and the value is a list of ports or a port range.

  1. In Configuration Manager, select Environment > Applications.
  2. Locate and open the Application object for GMS.
  3. Select the Options tab.
  4. Add the port_restrictions section, and then set the options and values with the URL and ports you wish to control.
  5. Save your changes.


Example port_restrictions section:

Option Name Option Value Description
/genesys/1/storage* 80-90 Storage API will be accessible from port 80 to port 90.
/genesys/1/service/* 92-98,100 Services API will be accessible from port 92 to port 98, plus the port 100.
Important
  • There are no default values or default option names. You can define various URL patterns; such as /genesys/1/resource*, /genesys/1/resource*, /genesys/1/service/*, /genesys/1/service/request-interaction, and so on.
  • If the request is sent on another port, an HTTP error 403 Forbidden occurs.
  • The Admin UI and APIs not listed in the port_restrictions section will be available on all ports listed in the port_restrictions section.

jetty-http.xml File

  1. Go to the <GMS_HOME>/etc/jetty-http.xml file, and add the code snippet after the GMS default HTTP connector (used to open default port 8080).

Example Set connectors section:

 <!-- =========================================================== -->
<!-- Set connectors                                              -->
<!-- =========================================================== -->
<Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" default="1"/></Arg>
        <Arg name="selectors" type="int"><Property name="jetty.http.selectors" default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.http.host" deprecated="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.http.port" deprecated="jetty.port" default="8025" /></Set>
        <Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set>
		
		        <Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set>
        <Get name="SelectorManager">
          <Set name="connectTimeout"><Property name="jetty.http.connectTimeout" default="15000"/></Set>
        </Get>
        <Set name="reuseAddress"><Property name="jetty.http.reuseAddress" default="true"/></Set>
        <Set name="reusePort"><Property name="jetty.http.reusePort" default="false"/></Set>
        <Set name="acceptedTcpNoDelay"><Property name="jetty.http.acceptedTcpNoDelay" default="true"/></Set>
        <Set name="acceptedReceiveBufferSize" property="jetty.http.acceptedReceiveBufferSize" />
        <Set name="acceptedSendBufferSize" property="jetty.http.acceptedSendBufferSize" />
      </New>
    </Arg>
  </Call>
Important
  • Replace the port number in the jetty.http.port parameters.
  • For multiple ports, copy the entire <Call name="addConnector"> property and modify it to add additional port numbers.
  • To specify a range of port number, for example 8092-8095, you have to include the entire snippet in the jetty-http.xml file for each port: 8092, 8092, 8093, 8094, and 8095.

2. Restart GMS.

Disabling Port Restrictions

  1. In Configuration Manager, select Environment > Applications.
  2. Locate and open the Application object for GMS.
  3. Select the Options tab.
  4. Select the port_restrictions section.
  5. Right-click, and enter a hash tag (#) in front of port_restrictions so it appears like this: #port_restrictions. The port restrictions are now disabled, and the Service Management User Interface > Lab > Config tab will display: port restrictions has not been enabled.


Setting Default GMS Port

By default, the GMS Port is set to 8080. You can modify this value by editing the <GMS_HOME>/etc/jetty-http.xml file and changing this value in the addConnector section. When you are finished, restart GMS.

<Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int">
<Property name="http.acceptors" default="-1"/></Arg>
        <Arg name="selectors" type="int">
<Property name="http.selectors" default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.port" default="8080" /></Set>
        <Set name="idleTimeout">
<Property name="http.timeout" default="30000"/></Set>
        <Set name="soLingerTime">
<Property name="http.soLingerTime" default="-1"/></Set>
        <Set name="acceptorPriorityDelta">
<Property name="http.acceptorPriorityDelta" default="0"/></Set>
        <Set name="selectorPriorityDelta">
<Property name="http.selectorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize">
<Property name="http.acceptQueueSize" default="0"/></Set>
      </New>
    </Arg>
  </Call>
Important
Make sure that the values of the external_url_base option set for the load-balancer URL base and the server/web_port option used for CometD node to node communication are consistent with each other.
This page was last edited on May 31, 2024, at 08:42.
Comments or questions about this documentation? Contact us for support!