Changing port to 443 from 9933

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

matrix211v1
Posts: 61
Joined: 16 Jan 2009, 14:48

Changing port to 443 from 9933

Postby matrix211v1 » 19 Jan 2011, 16:24

Hello all!

Is there anything special I need to do for changing the port form 9933 to 443? I believed I changed it in the Server Admin, restarted, and my Unity project cannot connect to it anymore.

Obviously I have changed it in my Unity also, but I just wanted to verify that someone has already tried this.

Thanks!
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby Lapo » 25 Jan 2011, 16:58

Maybe you need to check your firewall and make sure it allows traffic on that port.
Lapo
--
gotoAndPlay()
...addicted to flash games
matrix211v1
Posts: 61
Joined: 16 Jan 2009, 14:48

Nope

Postby matrix211v1 » 30 Jan 2011, 00:02

No, there was another crossdomain.xml file that I didn't know about. Once I changed that it worked fine.

But I have a follow up question now. I can connect with my application to port 443 but I cannot connect with the Admin Screen that is on 127.0.0.1

I have made the change in the server.xml for the
<adminTcpPort>443</adminTcpPort>

So it's not that.

As I said, it's working fine, just not about to use the 127.0.0.1:8080 screen. It seems to try and connect, then fails.

Any thoughts?

P.S.
I have no issues connecting with the admin screen when the system is running on port 9933
tchen
Posts: 191
Joined: 11 Dec 2010, 14:14

Postby tchen » 30 Jan 2011, 14:16

No, there was another crossdomain.xml file that I didn't know about. Once I changed that it worked fine.


I take it you have another web server somewhere and are using the prefectPolicy to manually grab it from there in Unity? In which case, don't forget about the one in sfs2x/config/crossdomain.xml which I think the Flash examples (and admin tool) are using.

And it's currently restrictive on the port allowing only 9933. Also pop open port 843 on your firewall just in case.
matrix211v1
Posts: 61
Joined: 16 Jan 2009, 14:48

Postby matrix211v1 » 30 Jan 2011, 15:27

Yes, that is the hidden CrossDomain policy I was talking about.

Are you trying to tell me that the Admin Flash component that allows you to login is currently locked to 9933?

And why do I need to open port 843?
tchen
Posts: 191
Joined: 11 Dec 2010, 14:14

Postby tchen » 30 Jan 2011, 17:35

I'll take it from the top in checklist form:

0) With a fresh install, ssh tunnel onto your server and run AdminTool
1) Add the external socket address and port 443
2) Add the allowed client ip for the administrator
3) Change the administrator port to 443
4) Ensure the "Use Flash Master Socket Policy" is enabled
5) Edit the port number in config/crossdomain.xml to 443
6) Restart SFS as root (required for ports below 1000)
7) Flush your browser cache and login
8) Make yourself a Mai Tai

* 843 is the standard Adobe flash policy server port. But it looks like SFS can supply it directly through the connection socket.
matrix211v1
Posts: 61
Joined: 16 Jan 2009, 14:48

Postby matrix211v1 » 30 Jan 2011, 17:59

I'll take it from the top in checklist form:

0) With a fresh install, ssh tunnel onto your server and run AdminTool
1) Add the external socket address and port 443
2) Add the allowed client ip for the administrator
3) Change the administrator port to 443
4) Ensure the "Use Flash Master Socket Policy" is enabled
5) Edit the port number in config/crossdomain.xml to 443
6) Restart SFS as root (required for ports below 1000)
7) Flush your browser cache and login
8) Make yourself a Mai Tai

* 843 is the standard Adobe flash policy server port. But it looks like SFS can supply it directly through the connection socket.


0) Running Windows 2003 so I just remote desktop. I then, on that machine, open a browser to 127.0.0.1:8080
1) I have turned off the firewall, and then I do a netstat -an to verify that it is listening to port 443
2) Restart SFS2x
3) I run my client program and I connect fine to the SFS2x and all is happy
4) Try to log into the AdminTool, with IP 127.0.0.1 and port 443 with the username/password and it doesn't do anything.

I can do a video of exactly what I am doing if it helps.
tchen
Posts: 191
Joined: 11 Dec 2010, 14:14

Postby tchen » 30 Jan 2011, 18:42

1a. (since you're still doing this through Remote Desktop), add 127.0.0.1 port 443 as an address socket too.
matrix211v1
Posts: 61
Joined: 16 Jan 2009, 14:48

Postby matrix211v1 » 30 Jan 2011, 18:50

Thanks, but I'm not sure I am following you. Firewall is off. I am doing nothing with Flash (I'm not using Flash in anyway, shape for form except for this AdminTool)

Here is my crossdomain.xml

Code: Select all

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <!-- This is a master-policy file. site-control can be all,none,master-only -->
   <site-control permitted-cross-domain-policies="all"/>

   <!-- Instead of setting to-ports="*", administrators can use ranges and commas -->
   <!-- This will allow access to ports 123, 456, 457, and 458 -->
   <allow-access-from domain="*"  />
</cross-domain-policy>


and my server.xml

Code: Select all

<serverSettings>
  <socketAddresses>
    <socket address="127.0.0.1" port="443" type="TCP"/>
    <socket address="xxx.xxx.xxx.xxx" port="443" type="TCP"/>
    <socket address="xxx.xxx.xxx.xxx" port="443" type="UDP"/>
  </socketAddresses>
  <ipFilter>
    <addressBlackList>
      <string>100.101.102.103</string>
    </addressBlackList>
    <addressWhiteList>
      <string>192.168.0.16</string>
    </addressWhiteList>
    <maxConnectionsPerAddress>9999999</maxConnectionsPerAddress>
  </ipFilter>
  <flashCrossdomainPolicy>
    <useMasterSocketPolicy>true</useMasterSocketPolicy>
    <policyXmlFile>crossdomain.xml</policyXmlFile>
  </flashCrossdomainPolicy>
  <systemControllerThreadPoolSize>1</systemControllerThreadPoolSize>
  <extensionControllerThreadPoolSize>1</extensionControllerThreadPoolSize>
  <systemControllerRequestQueueSize>20000</systemControllerRequestQueueSize>
  <extensionControllerRequestQueueSize>20000</extensionControllerRequestQueueSize>
  <schedulerThreadPoolSize>1</schedulerThreadPoolSize>
  <protocolCompressionThreshold>1024</protocolCompressionThreshold>
  <protocolMode>BINARY</protocolMode>
  <remoteAdmin>
    <administrators>
      <adminUser>
        <login>sfsadmin</login>
        <password>sfsadmin</password>
      </adminUser>
    </administrators>
    <allowedRemoteAddresses>
      <string>127.0.0.1</string>
      <string>192.168.0.7</string>
      <string>10.0.0.1</string>
    </allowedRemoteAddresses>
    <adminTcpPort>443</adminTcpPort>
  </remoteAdmin>
  <bannedUserManager>
    <isAutoRemove>true</isAutoRemove>
    <isPersistent>true</isPersistent>
    <customPersistenceClass></customPersistenceClass>
  </bannedUserManager>
  <extensionRemoteDebug>true</extensionRemoteDebug>
  <useFriendlyExceptions>false</useFriendlyExceptions>
  <mailer>
    <mailHost>test.mail.com</mailHost>
    <mailUser>foo</mailUser>
    <mailPass>pippo</mailPass>
    <smtpPort>25</smtpPort>
    <workerThreads>1</workerThreads>
  </mailer>
  <webServer>
    <isActive>true</isActive>
    <cfgFile>config/jetty/jetty.xml</cfgFile>
  </webServer>
  <startExtensionFileMonitor>true</startExtensionFileMonitor>
  <useFriendlyLogging>true</useFriendlyLogging>
  <useDebugMode>true</useDebugMode>
  <sessionMaxIdleTime>20000</sessionMaxIdleTime>
  <userMaxIdleTime>30000</userMaxIdleTime>
</serverSettings>
tchen
Posts: 191
Joined: 11 Dec 2010, 14:14

Postby tchen » 30 Jan 2011, 20:08

Your cross domain file is wrong as its missing the port

Code: Select all

<allow-access-from domain="*" to-ports="443" />
matrix211v1
Posts: 61
Joined: 16 Jan 2009, 14:48

Postby matrix211v1 » 30 Jan 2011, 20:21

Thanks for the tip, but the way I had it should have allowed any port to work.

I finally got it to work by using this:

Code: Select all

    <allowedRemoteAddresses>
      <string>127.0.0.1</string>
      <string>192.168.0.7</string>
      <string>10.0.0.1</string>
      <string>xxx.xxx.xxx.xxx</string>    
    </allowedRemoteAddresses>


Since it seemed that when I was on a local machine, it was NOT using the local IP, but the IP of the machine. No biggie. Hope this helps someone with a similar issue!
tchen
Posts: 191
Joined: 11 Dec 2010, 14:14

Postby tchen » 30 Jan 2011, 23:56

matrix211v1 wrote:Thanks for the tip, but the way I had it should have allowed any port to work.


FYI,

http://www.adobe.com/devnet/flashplayer ... files.html
http://www.adobe.com/xml/schemas/PolicyFileSocket.xsd

'to-ports' is a required attribute on the latest socket policy file. And just to verify, i took a stock installation, took out the attribute and it blocks me from connecting. If you want any port, use the wildcard.

Regardless, I'm glad you're able to login now.

Cheers

Return to “SFS2X Questions”

Who is online

Users browsing this forum: No registered users and 44 guests