Sysadmin Port Management CLI

Hello! I use an RMM platform to monitor VMs hosted in the cloud that run FreePBX 16. This RMM platform allows me to run bash scripts en masse, at certain times, collect results and use them as conditions for monitoring and alerting, some pretty cool stuff. We use it a lot for automating things including fixes and ensuring proper config of our FreePBX servers.

Something that came up recently was an issue with LetsEncrypt not being able to generate/regenerate an SSL cert and generating a port 80 error. Turns out this was occurring because under System Admin > Port Management (see uploaded screencap), the insecure port for Admin was set to 80 and LetsEncrypt was disabled. Changing admin to port 8080 and LetsEncrypt to 80 fixes the error and allows the cert to generate/regenerate properly. And also ensuring that the HTTPS Address dropdown is selected on the FQDN of the server accordingly.

What I’d like to do is figure out a way to automate checking and fixing those dropdown settings via CLI. I’ve done some research and fwconsole sa ports will give me a readout of the ports, but I am not sure how to set them. I tried fwconsole sa ports --set=leport:80 and the command executes but it never actually updates the port when I check fwconsole sa ports. I also tried updating the database directly via mysql -D asterisk -e "UPDATE sysadmin_options SET value='80' WHERE `key`='leport';" and fwconsole reload, but when I do fwconsole sa ports it still isn’t showing leport as 80 and the GUI never updates either.

Am I missing something obvious? Can someone point me in the right direction for how to accomplish what I am looking to do?

Hi @Aaron. After setting the port in mysql you need to run the port update hook.

php /var/www/html/admin/modules/sysadmin/hooks/update-ports

If you are running FreePBX ‘In the cloud’ then we can presume you have a routable IP and a controllable ‘name service’.

If so, consider moving from HTTP-01 to DNS-01 protocol for your chosen ACME client. If you do that, no ports need to be managed or opened (or closed), just DNS TXT records added/removed, and that could easily be automatic and hands off with modern ACME clients and an API string or two.

@pramarajan This was the trick I needed, thank you very much! You wouldn’t happen to know the db entry for the HTTPS Address dropdown on that sysadmin port management page too, would you?
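An added example, not part of the original thread and not FreePBX's own code: the fix confirmed above (update sysadmin_options, then run the update-ports hook) wrapped as an idempotent function an RMM job can call. The table, the leport key and the hook path come from the thread; the function names and the input validation are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent check-and-fix for one Sysadmin port setting.
# Table, key name and hook path are the ones quoted in the thread;
# function names and validation rules are this example's own.
DB=asterisk
HOOK=/var/www/html/admin/modules/sysadmin/hooks/update-ports

# Values are pasted into SQL text, so accept only simple key names
# and canonical port numbers (1-65535, no leading zero).
valid_key() { case $1 in ''|*[!a-z0-9_]*) return 1 ;; esac; }
valid_port() {
    case $1 in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

get_port() {
    valid_key "$1" || return 2
    mysql -D "$DB" -N -B -e \
        "SELECT value FROM sysadmin_options WHERE \`key\`='$1';"
}

set_port() {
    valid_key "$1" && valid_port "$2" || return 2
    mysql -D "$DB" -e \
        "UPDATE sysadmin_options SET value='$2' WHERE \`key\`='$1';"
}

# ensure_port KEY PORT
# Prints ok | changed | invalid | error; exit status is 0 only for ok/changed.
ensure_port() (
    key=$1 want=$2
    valid_key "$key" && valid_port "$want" || { echo invalid; exit 2; }
    have=$(get_port "$key") || { echo error; exit 1; }
    [ "$have" = "$want" ] && { echo ok; exit 0; }
    set_port "$key" "$want" || { echo error; exit 1; }
    # Per the thread, the DB row alone is not enough: run the port hook.
    php "$HOOK" >/dev/null || { echo error; exit 1; }
    [ "$(get_port "$key")" = "$want" ] || { echo error; exit 1; }
    echo changed
)

# Typical RMM call: ensure_port leport 80
```

The printed word (ok, changed, invalid, error) is meant to be collected by the RMM as the alert condition; the hook runs only when the stored value actually differed.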
