From b91921b6899375bd0a2fb33beae0cb8fb5fe0cda Mon Sep 17 00:00:00 2001
From: Ihor Aleksandrychiev <ihor.aleksandrychiev@northern.tech>
Date: Tue, 8 Oct 2024 11:30:12 +0300
Subject: [PATCH] Added possibility to configure Mission Portal web server
 ports

Ticket: ENT-12151
Signed-off-by: Ihor Aleksandrychiev <ihor.aleksandrychiev@northern.tech>
---
 cfe_internal/enterprise/CFE_hub_specific.cf   | 46 +++++++++++++++++++
 cfe_internal/enterprise/mission_portal.cf     |  5 ++
 .../enterprise/templates/httpd.conf.mustache  |  8 ++--
 3 files changed, 55 insertions(+), 4 deletions(-)

diff --git a/cfe_internal/enterprise/CFE_hub_specific.cf b/cfe_internal/enterprise/CFE_hub_specific.cf
index 22e0782a8..f964d0770 100644
--- a/cfe_internal/enterprise/CFE_hub_specific.cf
+++ b/cfe_internal/enterprise/CFE_hub_specific.cf
@@ -40,6 +40,14 @@ bundle common cfe_internal_hub_vars
 
     policy_server::
 
+      "http_port" -> { "ENT-12151" }
+        string => ifelse( isvariable("cfe_internal_hub_vars.http_port"), "$(cfe_internal_hub_vars.http_port)", "80" ),
+        comment => "Mission portal's webserver HTTP port. Default 80";
+
+      "https_port" -> { "ENT-12151" }
+        string => ifelse( isvariable("cfe_internal_hub_vars.https_port"), "$(cfe_internal_hub_vars.https_port)", "443" ),
+        comment => "Mission portal's webserver HTTPS port. Default 443";
+
       "docroot" string => "$(sys.workdir)/httpd/htdocs",
         comment => "Root directory of Enterprise Web interface",
         handle => "cfe_internal_hub_vars_docroot";
@@ -91,6 +99,44 @@ bundle common cfe_internal_hub_vars
 
 }
 
+##################################################################
+#
+# update_cli_rest_server_url_config
+#  - updates REST server URL port of Mission Portal WebGUI when
+#    cfe_internal_hub_vars.https_port is changed
+#
+##################################################################
+bundle agent update_cli_rest_server_url_config
+{
+  vars:
+    "mp_config_file" string => "$(cfe_internal_hub_vars.docroot)/application/config/config.php";
+    "mp_share_config_file" string => "$(sys.workdir)/share/GUI/application/config/config.php";
+    "regex_test_pattern" string => ".*localhost:$(cfe_internal_hub_vars.https_port).*";
+
+  files:
+   "$(mp_share_config_file)"
+      edit_line => change_cli_rest_server_url_port,
+      if => and(
+        fileexists("$(mp_share_config_file)"),
+        islessthan(countlinesmatching("$(regex_test_pattern)", "$(mp_share_config_file)"), 1)
+        );
+
+    "$(mp_config_file)"
+      edit_line => change_cli_rest_server_url_port,
+      if => and(
+        fileexists("$(mp_config_file)"),
+        islessthan(countlinesmatching("$(regex_test_pattern)", "$(mp_config_file)"), 1)
+        );
+}
+
+bundle edit_line change_cli_rest_server_url_port
+{
+  replace_patterns:
+  "^\s*\$config\['cli_rest_server_url'\]\s*=\s*\"https://localhost(?::(?!$(cfe_internal_hub_vars.https_port))\d{1,5})?/api/\";\s*$"
+      replace_with => value("    $config['cli_rest_server_url'] = \"https://localhost:$(cfe_internal_hub_vars.https_port)/api/\";"),
+      comment => "Change port CLI REST server URL port";
+}
+
 ##################################################################
 #
 # cfe_internal_update_folders
diff --git a/cfe_internal/enterprise/mission_portal.cf b/cfe_internal/enterprise/mission_portal.cf
index fe69ef62f..bb1d1d339 100644
--- a/cfe_internal/enterprise/mission_portal.cf
+++ b/cfe_internal/enterprise/mission_portal.cf
@@ -15,6 +15,11 @@ bundle agent cfe_internal_enterprise_mission_portal
         handle => "cfe_internal_management_web_server",
         comment => "Manage Apache Web server (on/off)";
 
+      "Port Configuration" -> { "CFEngine Enterprise", "Mission Portal" }
+        usebundle => update_cli_rest_server_url_config,
+        handle => "cfe_internal_management_update_cli_rest_server_url_config",
+        comment => "Update the REST server URL port in the Mission Portal when cfe_internal_hub_vars.https_port is changed";
+
 }
 bundle agent apachectl_patched_for_upgrade
 # @brief Ensure that apacehctl is patched so that it is able to re-start services
diff --git a/cfe_internal/enterprise/templates/httpd.conf.mustache b/cfe_internal/enterprise/templates/httpd.conf.mustache
index 3dbf55dd1..dd279bc01 100644
--- a/cfe_internal/enterprise/templates/httpd.conf.mustache
+++ b/cfe_internal/enterprise/templates/httpd.conf.mustache
@@ -10,7 +10,7 @@ ServerRoot "{{{vars.sys.workdir}}}/httpd"
 # ENT-10646 - Listen 80 often causes IPv6 related errors, specifying ipv4 squashes them.
 #   Unclear why the same is not an issue for 443
 #   To enable listening on ipv6 add Listen [::]:80
-Listen 0.0.0.0:80
+Listen 0.0.0.0:{{{vars.cfe_internal_hub_vars.http_port}}}
 {{/classes.cfe_enterprise_disable_plain_http}}
 
 PidFile "{{{vars.mission_portal_apache_from_stage.httpd_pid_file}}}"
@@ -135,7 +135,7 @@ LogLevel warn
   # This content used to be included from an external file
   # /var/cfengine/httpd/conf/extra/httpd-ssl.conf
 
-  Listen 443
+  Listen {{{vars.cfe_internal_hub_vars.https_port}}}
 
   AddType application/x-x509-ca-cert .crt
   AddType application/x-pkcs7-crl    .crl
@@ -183,12 +183,12 @@ LogLevel warn
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin
 
-  <VirtualHost _default_:443>
+  <VirtualHost _default_:{{{vars.cfe_internal_hub_vars.https_port}}}>
     DocumentRoot "{{{vars.cfe_internal_hub_vars.public_docroot}}}"
     Alias "/api" "{{{vars.cfe_internal_hub_vars.docroot}}}/api"
     Alias "/api/static" "{{{vars.cfe_internal_hub_vars.docroot}}}/api/static"
     Alias "/ldap" "{{{vars.cfe_internal_hub_vars.docroot}}}/ldap"
-    ServerName {{{vars.sys.fqhost}}}:443
+    ServerName {{{vars.sys.fqhost}}}:{{{vars.cfe_internal_hub_vars.https_port}}}
     # ServerAdmin root@localhost
     ErrorLog "{{{vars.cfe_internal_hub_vars.error_log}}}"
     LogFormat "%h %l %{username}n %t \"%r\" %>s %b"