9.10.7. Configuring the Port Proxy

All OpenShift Enterprise applications are contained within gears. These applications listen for connections on the loopback interface. The node host uses iptables to listen on external-facing ports and forwards incoming requests to the appropriate application.

Procedure 9.9. To Configure the OpenShift Port Proxy:

  1. Verify that iptables is running and will start on boot.
    # service iptables restart
    # chkconfig iptables on
  2. Verify that the port proxy starts on boot:
    # chkconfig openshift-iptables-port-proxy on
  3. Modify the iptables rules:
    # sed -i '/:OUTPUT ACCEPT \[.*\]/a :rhc-app-comm - [0:0]' /etc/sysconfig/iptables
    # sed -i '/-A INPUT -i lo -j ACCEPT/a -A INPUT -j rhc-app-comm' /etc/sysconfig/iptables
    

    Warning

    After you run these commands, do not run any further lokkit commands on the node host. Running lokkit commands after this point overwrites the required iptables rules and causes the openshift-iptables-port-proxy service to fail during startup.
    Restart the iptables service for the changes to take effect:
    # service iptables restart
  4. Start the service immediately:
    # service openshift-iptables-port-proxy start
  5. Run the following command so that the openshift-gears service script starts on boot. The openshift-gears service script starts gears when a node host is rebooted:
    # chkconfig openshift-gears on

Note

If you use the kickstart or bash script, the configure_port_proxy function performs these steps.