Enabling ports 80 (HTTP) and 443 (HTTPS)

By default, PaperCut listens to ports 9191 and 9192 for HTTP and HTTPS communication respectively. These ports have been selected as they're generally unused by other applications. Because PaperCut is a web application it may be desirable to have the interface available on the standard HTTP and HTTPS ports (80 and 443 respectively). One reason for doing so may be to simplify URLs communicated verbally (as the user will not have to supply a port number).

The configuration procedure is different for each operating system. See below for instructions. Important: Before you begin, first ensure no other applications (such as IIS, or Apache) are currently installed and using ports 80 or 443 on the server hosting PaperCut.

Important

The following directions detail how to enable port 80 in addition to port 9191. Enabling an additional port is recommended over simply changing the existing port. Port 9191 is also used for server-to-server and client-to-server communication so it's important that this port continue to be made available.

Important

Also make sure you you enable the 80 and 443 firewall ports if users access PaperCut across firewall devices

Windows

  1. Stop the PaperCut MF Application Sever, under Control PanelAdministrative ToolsServices.

  2. Open the file: [app-path]\server\server.properties

  3. Enable port 80 (and 443) by changing the appropriate settings from a N to a Y. They should look like:

            server.enable-http-on-port-80=Y
            server.enable-https-on-port-443=Y
                            

  4. Restart the PaperCut MF Application Server stopped in Step 1.

  5. Test and ensure the web interface is working. e.g. http://[myserver]/admin

Linux

On Linux systems, only privileged programs that run as root may use ports under 1024. In line with security best practice PaperCut runs as a non-privileged user. To enable port 80 and 443, use iptables (or ipchains on old systems) to port-forward 80 to 9191. The following commands provide an example. You may need to consult your distribution's documentation to see how to persist the iptables rules between system restarts:

        /sbin/iptables -t nat -I PREROUTING --src 0/0 --dst <server_ip> \
              -p tcp --dport 80 -j REDIRECT --to-ports 9191

        /sbin/iptables -t nat -I PREROUTING --src 0/0 --dst <server_ip> \
              -p tcp --dport 443 -j REDIRECT --to-ports 9192
                

(These commands would typically be place these in an rc init script or the iptables startup config script as provided by your distribution.)

Mac

The approach on Mac systems is similar to Linux. However, since Mac OS X 10.10 the support for the IPFW firewall has been removed in favor of PF.

Mac OS X 10.10 and later

From Mac OS X 10.10, you must use the pfctl command to modify the Mac firewall.

  1. Create the anchor file:

            sudo vi  /etc/pf.anchors/com.papercut
                    

  2. Modify the /etc/pf.anchors/com.papercut file by adding the following lines:

            rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 9191
            rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
            rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
                        

  3. Test the anchor file:

            sudo pfctl -vnf /etc/pf.anchors/com.papercut
                        

  4. Add the anchor file to the pf.conf file:

            sudo vi /etc/pf.conf
                        

    Then add in the following lines under each corresponding section - e.g. the rdr-anchor line under the current rdr-anchor line, and the load anchor under the current load-anchor statement:

            rdr-anchor "port80"
            load anchor "port80" from "/etc/pf.anchors/com.papercut"
                        

  5. Load the pf.conf file automatically at startup by editing the current daemon for pf:

            sudo vi /System/Library/LaunchDaemons/com.apple.pfctl.plist
                        

    Then within the section detailing the program arguments <key>ProgramArguments</key>, add in an extra string with -e, which will enable the config, as per:

            <string>pfctl</string>
            <string>-e</string>
            <string>-f</string>
            <string>/etc/pf.conf</string>
                        

    Then save the file, exit and restart the server to test.

  6. To test this method manually (no restart required) you can use the pfctl command:

            sudo pfctl -ef /etc/pf.conf
                        

    This will load and enable the pf.conf file, which will then call the com.papercut anchor file.

Mac OS X 10.9 and earlier

In Mac OS X 10.9 and earlier, one needs to use the ipfw command to modify the Mac firewall:

        sudo /sbin/ipfw add 102 fwd 127.0.0.1,9191 tcp from any to any 80 in
                   

See the ipfw man page for all the scary details!