By default, PaperCut listens to ports 9191 and 9192 for HTTP and HTTPS communication respectively. These ports have been selected as they're generally unused by other applications. Because PaperCut is a web application it may be desirable to have the interface available on the standard HTTP and HTTPS ports (80 and 443 respectively). One reason for doing so may be to simplify URLs communicated verbally (as the user will not have to supply a port number).
The configuration procedure is different for each operating system. See below for instructions. Important: Before you begin, first ensure no other applications (such as IIS, or Apache) are currently installed and using ports 80 or 443 on the server hosting PaperCut.
The following directions detail how to enable port 80 in addition to port 9191. Enabling an additional port is recommended over simply changing the existing port. Port 9191 is also used for server-to-server and client-to-server communication so it's important that this port continue to be made available.
Also make sure you you enable the 80 and 443 firewall ports if users access PaperCut across firewall devices
Stop the PaperCut MF Application Sever, under → → .
Open the file: [app-path]\server\server.properties
Enable port 80 (and 443) by changing the appropriate settings from a N to
a Y. They should look like:
server.enable-http-on-port-80=Y
server.enable-https-on-port-443=Y
Restart the PaperCut MF Application Server stopped in Step 1.
Test and ensure the web interface is working. e.g. http://[myserver]/admin
On Linux systems, only privileged programs that run as root may use ports under 1024. In line with security best practice
PaperCut runs as a non-privileged user. To enable port 80 and 443, use iptables (or ipchains on old systems) to
port-forward 80 to 9191. The following commands provide an example. You may need to consult your distribution's documentation to see
how to persist the iptables rules between system restarts:
/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst <server_ip> \
-p tcp --dport 80 -j REDIRECT --to-ports 9191
/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst <server_ip> \
-p tcp --dport 443 -j REDIRECT --to-ports 9192
(These commands would typically be place these in an rc init script or the iptables startup config script as provided
by your distribution.)
The approach on Mac systems is similar to Linux. However, since Mac OS X 10.10 the support for the IPFW firewall has been removed in favor of PF.
From Mac OS X 10.10, you must use the pfctl command to modify the Mac firewall.
Create the anchor file:
sudo vi /etc/pf.anchors/com.papercut
Modify the /etc/pf.anchors/com.papercut file by adding the following lines:
rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 9191
rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
Test the anchor file:
sudo pfctl -vnf /etc/pf.anchors/com.papercut
Add the anchor file to the pf.conf file:
sudo vi /etc/pf.conf
Then add in the following lines under each corresponding section - e.g. the rdr-anchor line under the current rdr-anchor line, and the load anchor under the current load-anchor statement:
rdr-anchor "port80"
load anchor "port80" from "/etc/pf.anchors/com.papercut"
Load the pf.conf file automatically at startup by editing the current daemon for pf:
sudo vi /System/Library/LaunchDaemons/com.apple.pfctl.plist
Then within the section detailing the program arguments <key>ProgramArguments</key>,
add in an extra string with -e, which will enable the config, as per:
<string>pfctl</string>
<string>-e</string>
<string>-f</string>
<string>/etc/pf.conf</string>
Then save the file, exit and restart the server to test.
To test this method manually (no restart required) you can use the pfctl command:
sudo pfctl -ef /etc/pf.conf
This will load and enable the pf.conf file, which will then call the com.papercut anchor file.
© Copyright 1999-2015. PaperCut Software International Pty Ltd. All rights reserved.