IN THIS PAGE
- Overview
PRODUCT MANUALS
PaperCut NG & PaperCut MF Manual
PRODUCTS FEATURED
By default, PaperCut NG/MF listens to ports 9191 and 9192 for HTTP and HTTPS communication respectively. These ports have been selected as they’re generally unused by other applications. Because PaperCut NG/MF is a web application, you might want to have the interface available on the standard HTTP and HTTPS ports [80 and 443 respectively]. One reason for doing so is to simplify URLs communicated verbally [as the user does not need to supply a port number].
The configuration procedure is different for each operating system. See below for instructions. Important: Before you begin, ensure no other applications [such as IIS, or Apache] are currently installed and using ports 80 or 443 on the server hosting PaperCut NG/MF.
Windows
Open the file:
[app-path]\server\server.properties
Enable port 80 [and 443] by changing the appropriate settings from
N
to aY
. They should look like:server.enable-http-on-port-80=Y
server.enable-https-on-port-443=Y
Change the server port in all providers installed on your network. The server port is set in the
print-provider.conf
file in the provider directory.Change the server port in the User Client config file:
[app-path]\client\config.properties
.Restart the Application Server. [See Stop and start the Application Server].
Test and ensure the web interface is working. e.g.
//[myserver]/admin
Linux
On Linux systems, only privileged programs that run as root
can use ports under
1024. In line with security best practice PaperCut runs as a non-privileged user. To enable port 80 and 443, use iptables
[or ipchains on old systems] to port-forward 80 to 9191. The following commands provide an example. Consult your distribution’s documentation to see how to persist the iptables
rules between system restarts:
/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst \
-p tcp --dport 80 -j REDIRECT --to-ports 9191
/sbin/iptables -t nat -I PREROUTING --src 0/0 --dst \
-p tcp --dport 443 -j REDIRECT --to-ports 9192
[These commands would typically be placed in an rc init
script or the iptables startup config script as
provided by your distribution.]
When you are done, restart the Application Server. [See Stop and start the Application Server].
Mac
The approach on Mac systems is similar to Linux. With the release of Mac OS X 10.11 [El Capitan] and the inclusion of System Integrity Protection [SIP] modifications to /System/ are disabled by default and disabling this feature is not recommended. The following information works for Mac OS X 10.10. For Mac OS X 10.10 and later, the support for the IPFW firewall has been removed in favor of PF.
Mac OS X 10.10
From Mac OS X 10.10, you must use the pfctl
command to modify the Mac firewall.
Create the anchor file:
sudo vi /etc/pf.anchors/com.papercut
Modify the
/etc/pf.anchors/com.papercut
file by adding the following lines:rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 9191
rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
Test the anchor file:
sudo pfctl -vnf /etc/pf.anchors/com.papercut
Add the anchor file to the pf.conf file:
sudo vi /etc/pf.conf
Then add in the following lines under each corresponding section - e.g. the rdr-anchor line under the current rdr-anchor line, and the load anchor under the current load-anchor statement:
rdr-anchor "port80"
load anchor "port80" from "/etc/pf.anchors/com.papercut"
Load the pf.conf file automatically at startup by editing the current daemon for pf:
sudo vi /System/Library/LaunchDaemons/com.apple.pfctl.plist
Then within the section detailing the program arguments
ProgramArguments
, add in an extra string with -e, which enables the config, as per:pfctl
-e
-f
/etc/pf.conf
Then save the file, exit and restart the server to test.
To test this method manually [no restart required] you can use the pfctl command:
sudo pfctl -ef /etc/pf.conf
This loads and enables the
pf.conf
file, which then calls thecom.papercut
anchor file.Restart the Application Server. [See Stop and start the Application Server].
Mac OS X 10.9 and earlier
In Mac OS X 10.9 and earlier, one needs to use the ipfw
command to modify the Mac firewall:
sudo /sbin/ipfw add 102 fwd 127.0.0.1,9191 tcp from any to any 80 in
See the ipfw
man page for all the scary details!