Can't change https port for Management server

[justinestruch]

problem

Hello I am setting up a new Cloudstack mgmt server. I am now setting up HTTPS with a letsencrypt cert.
I have followed the guide at https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/

This works fine if I used the default port 8443, I can load the mgmt console and the trusted certificate works fine . But if I change the port to 443 and restart the management service, I can not connect on the port.
But if I change the port to 9443 and restart the management service, this works.

I checked with "lsof -i :443" to see if cloudstack is listening on the port 443 and I do not see it listening on the port.

I think there is likely a permissions issue that does not allow the service to use the well known port 443 but I am not sure what permission I need to grant.

P.S. this same issue happens for changing the http port from 8080 to 80.

versions

The versions of ACS, hypervisors, storage, network etc..
ACS: 4.20.1
ESXI: 8.0.3

The steps to reproduce the bug

Change the https (https.port) port in /etc/cloudstack/management/server.properties from 8443 to 443.

What to do about it?

Need to fix this as this not expected behavior.

[DaanHoogland]

@justinestruch , for programs to be allowed to run on ports below 1024 they need root privilege. Best practice is to run a proxy in front of cloudstack. It is not advised to run ACS as root in production environments.

[justinestruch]

Hi @DaanHoogland I appreciate the response. That makes sense, I'll go the route of using a proxy in front of CloudStack. Thanks for the info!