[fixed] Changing app.server_port to a port other than 443 makes the web console unable to be accessed, even when I open the port in the firewall

My intention is to reverse proxy the web console under a different subdomain using nginx, so I can have 1 subdomain for VPN and 1 for my personal website. But when I change the port, it said “bind permission denied”.

SELinux blocked the app from using the port unless the port is specified for http, which for my server is 80, 443, 444, 8008, 8009 and 9000. Use the listed port and all was well.

SELinux will block access to ports below 10000. It can be included with the command sudo semanage port -a -t pritunl_web_t -p tcp 8443.
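
Added example, not part of the thread and not Pritunl's own code: a shell check that reads `semanage port -l` output and reports whether a port already carries a given SELinux port type, printing the command quoted above when it does not. The listing is a constructed sample (its http ports are the ones named in the thread) and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample of `semanage port -l` output (not from a real host); the
# http_port_t ports are the ones listed in the thread.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 443, 444, 8008, 8009, 9000
ssh_port_t                     tcp      22
unreserved_port_t              tcp      61001-65535'

# port_labeled TYPE PROTO PORT < listing
# Exit status 0 when PORT appears under TYPE for PROTO, as a single port or
# inside a range such as 61001-65535; exit status 1 otherwise.
port_labeled() {
  awk -v type="$1" -v proto="$2" -v port="$3" '
    $1 == type && $2 == proto {
      list = $0
      sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", list)   # drop type and proto columns
      n = split(list, items, /,[ \t]*/)
      for (i = 1; i <= n; i++) {
        if (split(items[i], r, "-") == 2) {
          if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) found = 1
        } else if (items[i] + 0 == port + 0) {
          found = 1
        }
      }
    }
    END { exit found ? 0 : 1 }'
}

# suggest_fix TYPE PROTO PORT < listing
# Prints nothing when the label is already present; otherwise prints the
# semanage command from the thread with the values filled in.
suggest_fix() {
  if port_labeled "$1" "$2" "$3"; then
    return 0
  fi
  printf 'sudo semanage port -a -t %s -p %s %s\n' "$1" "$2" "$3"
}

# On a real host: semanage port -l | suggest_fix pritunl_web_t tcp 8443
printf '%s\n' "$SAMPLE_LISTING" | suggest_fix pritunl_web_t tcp 8443
```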

Thank you so much. I just bind it to the port that SELinux allowed and it’s good enough.

Another question: Is there a way to bind it to only open to localhost or is it not a good idea?

The bind address is set on each host in the /etc/pritunl.conf file with the bind_addr option.

I put my web console behind an nginx server. That’s why I wanna change the port. Will it affect the client's ability to sync config?

This is documented in the load balancing documentation. The host sync address should be set to the domain name of the web server.

I’m sorry, but how do I set the sync address? I can’t find the setting in my web console.

Edit: I think this is for the enterprise version only. Oh well.

When there is only one server the sync address should not be required. The configuration sync also requires a premium subscription. The profile settings on the client will show the current sync address and the last time a successful sync occurred. This will only occur if the configuration changes.