Enable ports 80 (HTTP) and 443 (HTTPS) (2024)

By default, PaperCut NG/MF listens to ports 9191 and 9192 for HTTP and HTTPS communication respectively. These ports have been selected as they're generally unused by other applications. Because PaperCut NG/MF is a web application, you might want to have the interface available on the standard HTTP and HTTPS ports (80 and 443 respectively). One reason for doing so is to simplify URLs communicated verbally (as the user does not need to supply a port number).

The configuration procedure is different for each operating system. See below for instructions. Important: Before you begin, ensure no other applications (such as IIS, or Apache) are currently installed and using ports 80 or 443 on the server hosting PaperCut NG/MF.

Windows

1. Open the file: [app-path]\server\server.properties

2. Enable port 80 (and 443) by changing the appropriate settings from N to a Y. They should look like:

   server.enable-http-on-port-80=Y

   server.enable-https-on-port-443=Y

3. Change the server port in all providers installed on your network. The server port is set in the print-provider.conf file in the provider directory.

4. Change the server port in the User ClientThe User Client tool is an add-on that resides on a user's desktop. It allows users to view their current account balance via a popup window, provides users with the opportunity to confirm what they are about to print, allows users to select shared accounts via a popup, if administrators have granted access to this feature, and displays system messages, such as the "low credit" warning message or print policy popups. config file:

   [app-path]\client\config.properties.

   IMPORTANT

   If the client is installed locally on workstations, then change the config file on each workstation. On Linux/Unix systems, the server runs under the privilege of a non-root account. Some systems prevent non-root users from binding to ports lower than 1024. An alternate option is to use kernel level TCP port redirection (e.g. iptables).

   See Also

   Firewall Instructions - WCFHow to Block or Allow TCP/IP Port in Windows Firewall | Action1How to Open Your Port 80 Behind a Firewall: 8 StepsHow to Check if Firewall Is Blocking a Port or a Program? - MiniTool

5. Restart the Application ServerAn Application Server is the primary server program responsible for providing the PaperCut user interface, storing data, and providing services to users. PaperCut uses the Application Server to manage user and account information, manage printers, calculate print costs, provide a web browser interface to administrators and end users, and much more.. (See Stop and start the Application Server).

6. Test and ensure the web interface is working. e.g. http://[myserver]/admin

Linux

On Linux systems, only privileged programs that run as root can use ports under 1024. In line with security best practice PaperCut runs as a non-privileged user. To enable port 80 and 443, use iptables (or ipchains on old systems) to port-forward 80 to 9191. The following commands provide an example. Consult your distribution's documentation to see how to persist the iptables rules between system restarts:

/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst <server_ip> \

-p tcp --dport 80 -j REDIRECT --to-ports 9191

/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst <server_ip> \

-p tcp --dport 443 -j REDIRECT --to-ports 9192

(These commands would typically be placed in an rc init script or the iptables startup config script as provided by your distribution.)

When you are done, restart the Application Server. (See Stop and start the Application Server).

Mac

The approach on Mac systems is similar to Linux. With the release of Mac OS X 10.11 (El Capitan) and the inclusion of System Integrity Protection (SIP) modifications to /System/ are disabled by default and disabling this feature is not recommended. The following information works for Mac OS X 10.10. For Mac OS X 10.10 and later, the support for the IPFW firewall has been removed in favor of PF.

Mac OS X 10.10

From Mac OS X 10.10, you must use the pfctl command to modify the Mac firewall.

1. Create the anchor file:

   sudo vi /etc/pf.anchors/com.papercut

2. Modify the /etc/pf.anchors/com.papercut file by adding the following lines:

   rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 9191

   rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191

   rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191

3. Test the anchor file:

   sudo pfctl -vnf /etc/pf.anchors/com.papercut

4. Add the anchor file to the pf.conf file:

   sudo vi /etc/pf.conf

   Then add in the following lines under each corresponding section - e.g. the rdr-anchor line under the current rdr-anchor line, and the load anchor under the current load-anchor statement:

   rdr-anchor "port80"

   load anchor "port80" from "/etc/pf.anchors/com.papercut"

5. Load the pf.conf file automatically at startup by editing the current daemon for pf:

   sudo vi /System/Library/LaunchDaemons/com.apple.pfctl.plist

   Then within the section detailing the program arguments <key>ProgramArguments</key>, add in an extra string with -e, which enables the config, as per:

   <string>pfctl</string>

   <string>-e</string>

   <string>-f</string>

   <string>/etc/pf.conf</string>

   Then save the file, exit and restart the server to test.

6. To test this method manually (no restart required) you can use the pfctl command:

   sudo pfctl -ef /etc/pf.conf

   This loads and enables the pf.conf file, which then calls the com.papercut anchor file.

7. Restart the Application Server. (See Stop and start the Application Server).

Mac OS X 10.9 and earlier

In Mac OS X 10.9 and earlier, one needs to use the ipfw command to modify the Mac firewall:

sudo /sbin/ipfw add 102 fwd 127.0.0.1,9191 tcp from any to any 80 in