bcgov / dts-vc-issuer-service

Digital Trust Verifiable Credential Issuer Service
Apache License 2.0

Mac OS - ports #65

Closed watkinspd closed 3 years ago

watkinspd commented 3 years ago

For info, on my Mac:

CISCO Anyconnect VPN uses port 5001

Apple Airport Utility uses port 8021

I uninstalled CISCO and restarted.

I disabled Airport Utility.

swcurran commented 3 years ago

Thanks. Looks like there is not a way to override the ports for a single run, but we can add that in the manage script.

For now, easiest is to locally edit the docker/manage file and change the offending port numbers to something else.

In general, most ports are available, so pick something random and you should be OK.

watkinspd commented 3 years ago

Port 8021 was not Airport Utility - it was in /System/Library/LaunchDaemons/com.apple.ftp-proxy.plist. I think an ancient leftover from my laptop image that has been with me through years and years of upgrades and updates.

sudo -s launchctl unload -w /System/Library/LaunchDaemons/com.apple.ftp-proxy.plist

released port 8021

sslaws commented 3 years ago

> sudo -s launchctl unload -w /System/Library/LaunchDaemons/com.apple.ftp-proxy.plist

Thanks, this worked for me! I think it would be ideal to change the 8021 port if possible.

swcurran commented 3 years ago

@esune --- can you adjust the scripts and docs to use other than 8021? I wonder if this is an issue in some of our other repos -- e.g. AATH. @ianco, what do you think?

esune commented 3 years ago

> @esune --- can you adjust the scripts and docs to use other than 8021?

We could potentially allow users to override the default ports by setting relevant environment variables. I am not sure that we can pick a port that will never be already used by some process...

swcurran commented 3 years ago

Yes, but if it is a common problem on Macs to use port 8021, we shouldn't use it by default, right? It's a little surprising we're seeing this one now, but there you go.

ianco commented 3 years ago

Looks like 8021 is the default port for ftp proxy on a Mac. I'm not sure when this runs or not (I've never run into this issue on my Mac and the config file that Watkins mentioned has 8021 on my local).

It would probably be best to leave the default ports as is, but support an environment variable to set a different port range.

WadeBarnes commented 3 years ago

Best solution would be to parameterize the ports so they can be overridden from the command line (via the manage script). Choose a reasonable default. Document the known port collision issues and warn users about the symptoms of port collision and how to resolve the issue from the command line.

WadeBarnes commented 3 years ago

Well-known port lists:

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

https://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-sg-en-4/ch-ports.html

https://packetlife.net/media/library/23/common-ports.pdf

swcurran commented 3 years ago

How about for this we just have a replacement for 8021 for now in this script? I'm hesitant to do this for all.

Perhaps the environment variable we use is P8021, so that you can run P8021=8022 ./manage start. That generalizes easily. We can also update the docs on this repo with that.

Future ./manage scripts should have that built in from the start. BTW -- Sheldon has been using a bash "argparse" generator for script command processing that might make this way easier to handle. Basically, you declare your arguments and it generates the bash code to handle them all. Doesn't handle env variables as well as the Python one added to ACA-Py, but it's better than hand-coding all that boilerplate code.

WadeBarnes commented 3 years ago

Looks like 8021 is actually registered to Intuit: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=8021

esune commented 3 years ago

So "historically" we have been using 8021 for public endpoint and 8024 for the admin interface in aca-py as defaults in all of our scripts since the beginning of time, so I am hesitant to do a one-off change here.

Ports are a free-for-all party so there is no guarantee that a registered port is still being used, or vice-versa that an unregistered port is not used by another service.

I'd leave the defaults as-is, and add environment variables and documentation that explain this, so also other port collision issues could be addressed just by setting the correct envvars.
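
The approach the thread converges on (defaults kept, each port overridable per run through an environment variable such as P8021, plus a collision warning) could look like the following. This is an added example, not the project's docker/manage script; the helper names and the nc/lsof probe on 127.0.0.1 are assumptions.

```shell
#!/bin/sh
# Added example, not the project's docker/manage script. Only the
# P8021=8022 naming convention comes from the thread; the helper names
# and the nc/lsof probe are assumptions.

# resolve_port DEFAULT: print the port to use, honouring an override in $P<DEFAULT>.
resolve_port() {
  default=$1
  case $default in
    ''|*[!0-9]*|??????*) echo "bad default port: $default" >&2; return 2 ;;
  esac
  # default is digits only here, so the eval'd text is just: port=${P8021:-8021}
  eval "port=\${P${default}:-$default}"
  case $port in
    ''|*[!0-9]*|??????*) echo "P$default is not a port number: $port" >&2; return 1 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "P$default out of range: $port" >&2; return 1
  fi
  echo "$port"
}

# port_in_use PORT: 0 if something accepts connections on localhost:PORT,
# 1 if not, 2 if neither nc nor lsof is installed.
port_in_use() {
  if command -v nc >/dev/null 2>&1; then
    nc -z 127.0.0.1 "$1" >/dev/null 2>&1
  elif command -v lsof >/dev/null 2>&1; then
    lsof -nP -iTCP:"$1" -sTCP:LISTEN >/dev/null 2>&1
  else
    return 2
  fi
}

# check_ports DEFAULT...: print "default=resolved" per port; return 1 on a collision.
check_ports() {
  rc=0
  for d in "$@"; do
    p=$(resolve_port "$d") || return 2
    if port_in_use "$p"; then
      echo "port $p is in use; rerun with P$d=<free port> ./manage start" >&2
      rc=1
    fi
    echo "$d=$p"
  done
  return $rc
}
```

Validating the override before it reaches a docker port mapping keeps a typo from turning into a confusing container start failure, and the warning names the exact variable to set.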