It's all about the answers!

Ask a question

Why does IBM choose port 9443 as default server ports?

Philippe Chevalier (56114) | asked May 26 '11, 8:52 a.m.
I understand that an application server, since it is not an HTTP server, does not use the default HTTP server ports (80 and 9443). From an application server perspective it is quite clear that this is to avoid port conflict with HTTP proxies and such.

But in the case of Jazz, this not an application server and the Jazz servers, especially today are bound to the first IP/DNS/PORT/CONTEXT defined. Due to the public URL policy, of not supporting changes to it once an application is in implementation. This situation limits users from making infrastructure changes quite severely.

So why make default configuration, port 9443. should it not be 443, this will permit users to use a more tradition URI for Example: It would enable more flexibility for hardware changes and or server reconfiguration for example moving from Application server servicing the tool and to a HTTP proxy server to support high availability.

The installation and migration could distribute, in teh case of tomcat a server.xml file with the port configured for 443, Or, in the case of WebSphere, document the changes to the server configuration if they do not plan to use a HTTP proxy, by changing the Server port to 443 using the WAS admin console.

5 answers

permanent link
Krzysztof Ka┼║mierczyk (7.4k34997) | answered May 26 '11, 9:06 a.m.
Hi Philippe,
Did you notice, that ports 80 and 443 require admin privileges under Linux to open?

permanent link
Umberto Ghio (2121) | answered May 26 '11, 10:08 a.m.
Hi Philippe,

I don't really see a problem here, I am maintaining a stable RTC server in the EMEA Lab for internal tests and Lab projects, and since I don't like to add ports in the URL I configured on port 443 by changing a single line in server.xml.

As Krzusztof pointed out if you are on Linux it's easier to have a server running on a port > 1024 as you can avoid using root as the user running the tomcat service, however, there are other ways to achieve this setup like using IHS (or apache) as reverse proxy or rinetd (or a similar tool) to transparently bounce connections from port 443 to 9443.


permanent link
Philippe Chevalier (56114) | answered May 26 '11, 10:50 a.m.
It is not really a problem, but a discussion point.

I did understand that on LINUX/UNIX that the first 1024 ports are reserved for root user.

As it is mention changing the the port is simple but changing the Public URI is not. If a customer, or the IM request the port to deploy to that port then this may help. My thought is really default make people a little lazy, and they tend to use them, binding them to the selection.

One can ague that the Public URI, limitation is really at the heart of this issue. But, if we did use default HTTPS port (443), then this problem would not be as important, and work around much more easily achievable.

permanent link
Philippe Mulet (55112) | answered Jun 21 '11, 4:39 a.m.
Note that port mapping and/or reverse proxy can be used to hide port numbers. For instance, is configured that way.

permanent link
Jason Hamilton (35168) | answered Dec 02 '11, 3:13 p.m.
Note that port mapping and/or reverse proxy can be used to hide port numbers. For instance, is configured that way.

We have clients that would like to access our project sites, but due to security measures on Government PCs (NMCI) the default port that is associated with RTC, JTS, etc. prevents access for these individuals. How can we reverse proxy this url so those individuals on NMCI, Government PCs can access our projects and subsequent data by avoiding the port numbers?

Your answer

Register or to post your answer.