Bind Logstash monitoring API to different port

#1

According to the document https://www.elastic.co/guide/en/logstash/current/monitoring.html to bind monitoring API to a different port we have to launch Logstash with the --http.port doing so with port 443 I get the below permission denied error.

Any pointers how to fix this would be appreciated

[FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<Errno::EACCES: Permission denied - bind(2)>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:133:in initialize'", "org/jruby/RubyIO.java:876:innew'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/puma-2.16.0-java/lib/puma/binder.rb:234:in add_tcp_listener'", "(eval):2:inadd_tcp_listener'", "/usr/share/logstash/logstash-core/lib/logstash/webserver.rb:88:in start_webserver'", "/usr/share/logstash/logstash-core/lib/logstash/webserver.rb:44:inblock in run'", "org/jruby/RubyRange.java:511:in each'", "org/jruby/RubyEnumerable.java:1194:ineach_with_index'", "/usr/share/logstash/logstash-core/lib/logstash/webserver.rb:39:in run'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:385:inblock in start_webserver'"]}

#2

On UNIX you typically need to be root to bind to a port number below 1024. Ideally, pick a port number above 1024. If you really need to use 443 then Google "bind privileged port" and go through applicable solutions for whatever system you are on.

#3

I am using RedHat Linux, I am still not able to run the monitoring API in 443, but as an interim solution I have set firewalld port forwarding. As a result the API is accessible as http://:443, instead I want https://

#4

I do not think you can enable TLS on the monitoring port. You might want to ask another question on just that point.