IBM Support

How to change the ports ADMIN server uses

Question & Answer


Question

How do you change the default ports for the different ADMIN servers?

Answer

To change the default port that the ADMIN server listens on, use the setApplicationServerProperties.sh script.  To ensure this is available, it is recommended to apply the latest HTTP group PTF:

https://www.ibm.com/support/pages/ibm-i-group-ptfs-level


The original PTFs were provided under APAR SE62564


NOTE: Once the HTTP port is set, the change will persist even if new PTFs are applied. However, the admin port will not. Users will have to issue the script above to set the admin port after PTF apply.

To see what ports are set by default, see the following documentation:

Ports Required for the HTTP Administration Console (ADMIN)

Example of using the script to change port 2002 port used by the ADMIN1 server:

1. End the ADMIN server with the command:

ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)


2. On the OS400 command line enter STRQSH

3. Change the working directory:

cd /qibm/proddata/os/applicationserver/bin


4. For the command usage type:

setApplicationServerProperties.sh -h

 
Command usage:
  
setApplicationServerProperties.sh
-server 'server-name'
[ -httpPort 'http-port|old-port:new-port' ]
[ -httpsPort 'https-port|old-port:new-port' ]
[ -adminPort 'admin-port' ]
[ -printErrorDetails ] [ -help ]

Where:

-server is the name of the application server whose properties will be
modified.

-httpPort is the HTTP port associated with the application server.
If only a port is specified, the default HTTP port for the server
will be set to the specified value. If a colon delimited value is
specified, the first value specified must exist in the server
configuration and will be replaced by the second value. Valid values
range from 1 to 65535. A value of -1 disables the port. This parameter
is optional.

-httpsPort is the HTTP SSL port associated with the application server.
If only a port is specified, the default HTTP SSL port for the server
will be set to the specified value. If a colon delimited value is
specified, the first value specified must exist in the server
configuration and will be replaced by the second value. Valid values
range from 1 to 65535. A value of -1 disables the port. This parameter
is optional.

-adminPort is the internal administration port associated with the
application server. Valid values range from 0 to 65535. A value of
0 will result in an ephemeral port to be chosen at run time.
This parameter is optional.

-printErrorDetails will show additional error information, such as stack
traces and error codes, if the command fails. This parameter is optional.
-help displays the command syntax. This parameter is optional.

NOTE: If the ADMIN1 server's -adminPort is changed, additional changes will be required to support the proper redirection from port 2001 to the new ADMIN1 adminPort. 

When accessing the Admin server via non-TLS port 2001, it is hardcoded to redirect to port 2002. 

When accessing the Admin server via TLS port 2010, it is hardcoded to redirect to port 2003. 

So the file, /qibm/proddata/httpa/admin/conf/admin-ibm.conf, will need to be edited to redirect to the new port if you want to access the server via http://<server>:2001 or 2010.

STRQSH
cp /qibm/proddata/httpa/admin/conf/admin-ibm.conf /qibm/proddata/httpa/admin/conf/admin-ibm.bak


F12

WRKLNK '/qibm/proddata/httpa/admin/conf/admin-ibm.conf'


Option 2 to edit.


Replace the 2002 port value with the -adminPort value specified on the setApplicationServerProperties.sh script.

RewriteRule ^(.*):2001$ http://$1:2002/Navigator [R,L]


to

RewriteRule ^(.*):2001$ http://$1:NEWPORT/Navigator [R,L]

where NEWPORT is the -adminPort value that was used in the setApplicationServerProperties.sh script.


FYI: Default Admin port block is 2001-2019


IBM i CL command 'NETSTAT *CNN', can be used to view the listening admin ports.


To configure Admin to use TLS, follow technote How to Enable Transport Layer Security (TLS) for the IBM Web Administration Server (HTTPAdmin)


5. Example of changing the ports for a TLS configuration:

=======run scripts for httpPort assignment =========

qsh

cd /qibm/proddata/os/applicationserver/bin

setApplicationServerProperties.sh -server admin1 -httpPort 2002:12002

setApplicationServerProperties.sh -server admin3 -httpPort 2006:12006

setApplicationServerProperties.sh -server admin4 -httpPort 2008:12008

setApplicationServerProperties.sh -server admin5 -httpPort 2011:12011

=======run scripts for httpsPort assignment =========

setApplicationServerProperties.sh -server admin1 -httpsPort 2003:12003

setApplicationServerProperties.sh -server admin3 -httpsPort 2007:12007

setApplicationServerProperties.sh -server admin5 -httpsPort 2012:12012

=====run scripts for adminPort assignment =======

setApplicationServerProperties.sh -server admin1 -adminPort 12015

setApplicationServerProperties.sh -server admin3 -adminPort 12017

setApplicationServerProperties.sh -server admin4 -adminPort 12018

setApplicationServerProperties.sh -server admin5 -adminPort 12019

======= EDTF '/qibm/userdata/httpa/admin/conf/admin-cust.conf' ====to manually add your new target ports====

LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM                                                                    
Listen *:12010                                                                                                                       
SetEnv HTTPS_PORT 12010                                                                                                              
<VirtualHost *:12010>                                                                                                                
   SSLEngine On                                                                                                                     
   SSLAppName QIBM_HTTP_SERVER_ADMIN                                                                                               
   SSLProtocolDisable SSLv2 SSLv3                                                                                                   
   RewriteEngine On                                                                                                                 
   RewriteOptions Inherit                                                                                                           
   RewriteRule ^/$ %{HTTP_HOST} [C]                                                                                                 
   RewriteRule ^(.*):12010$ https://$1:2003/Navigator [R,L]                                                                          
   RewriteRule ^/ibm/console/?$ %{HTTP_HOST} [C]                                                                                    
   RewriteRule ^(.*):12010$ https://$1:2005/ibm/console [R,L]                                                                        
   RewriteRule ^/ibm/console/.*$ %{HTTP_HOST} [C]                                                                                   
   RewriteRule ^(.*):12010$ https://$1:2005/ibm/console [R,L]                                                                        
   RewriteRule ^/webnav/WnServlet$ %{HTTP_HOST} [C]                                                                                 
   RewriteRule ^(.*):12010$ https://$1:2005/ibm/console/xLaunch.do?pageID=com.ibm.i5OS.webnav.navigationElement.WebnavBasePortlet&%{Q
   RewriteRule ^/iamobile/?$ %{HTTP_HOST} [C]                                                                                       
   RewriteRule ^(.*):12010$ https://$1:2012/iamobile/iWAHome [R,L]                 
   RewriteRule ^/iamobile/(.*)$ %{HTTP_HOST}/iamobile/$1 [C]                      
   RewriteRule ^(.*):12010/iamobile/(.*)$ https://$1:2012/iamobile/$2 [R,L]        
   RewriteRule ^/IDSWebApp/?$ %{HTTP_HOST} [C]                                    
   RewriteRule ^(.*):12010$ https://$1:2005/IDSWebApp/ [R,L]                       
   RewriteRule ^/IDSWebApp/(.*)$ %{HTTP_HOST}/IDSWebApp/$1 [C]                    
   RewriteRule ^(.*):12010/IDSWebApp/(.*)$ https://$1:2005/IDSWebApp/$2 [R,L]      
   RewriteRule ^/dcm/?$ %{HTTP_HOST} [C]                                          
   RewriteRule ^(.*):12010$ https://$1:2007/dcm/ [R,L]                             
   RewriteRule ^/dcm/(.*)$ %{HTTP_HOST}/dcm/$1 [C]                                
   RewriteRule ^(.*):12010/dcm/(.*)$ https://$1:2007/dcm/$2 [R,L]                  
   RewriteRule ^/Navigator/?$ %{HTTP_HOST} [C]                                    
   RewriteRule ^(.*):12010$ https://$1:2003/Navigator/ [R,L]                       
   RewriteRule ^/Navigator/(.*)$ %{HTTP_HOST}/Navigator/$1 [C]                    
   RewriteRule ^(.*):12010/Navigator/(.*)$ https://$1:2003/Navigator/$2 [R,L]      
</VirtualHost>


6. Start the ADMIN server:

strtcpsvr server(*http) httpsvr(*admin)

Browser url test
https://yoursysname:12010/HTTPAdmin

If problems after ptfs and ALL scripts completed, please submit a QMGTOOLS: HTTPAdmin Collector for IBM i for port validation.

Performance or further customization will be completed under a IBM i Customized Services consulting engagement.

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CIcAAM","label":"IBM i Administration Server"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]

Document Information

Modified date:
10 February 2024

UID

nas8N1021056

Page Feedback