How to make PBA-E XML RPC server to listen to public IP address : CloudBlue Technical Support

Symptoms

In the default installation PBA-E XML RPC proxy server is listening to requests on port 5224 on private IP address for the security reasons.

Provider want to make PBA-E XML RPC server to listen to requests on public IP address.

Resolution

For PBA 5.5.x

Note: Enabling same functionality for PBA 5.5.x is explained in KB #120973

Actually two PBA-E services are involved into the process of XML RPC API requests processing:

xrproxy - proxy server written in Perl which is listening incoming XML RPC requests on port 5224 and proxies them to XML RPC server
xmlrpcd - XML RPC server

On typical PBA-E installation you may see the following picture:

# netstat -antp | egrep 'perl|xmlrpcd'

tcp        0      0 10.64.52.131:5224           0.0.0.0:*                   LISTEN      17444/perl

tcp        0      0 127.0.0.1:5224              0.0.0.0:*                   LISTEN      17444/perl

tcp        0      0 0.0.0.0:5230                0.0.0.0:*                   LISTEN      17478/xmlrpcd

tcp        0      0 0.0.0.0:5231                0.0.0.0:*                   LISTEN      17479/xmlrpcd

tcp        0      0 0.0.0.0:5232                0.0.0.0:*                   LISTEN      17480/xmlrpcd

tcp        0      0 0.0.0.0:5233                0.0.0.0:*                   LISTEN      17481/xmlrpcd

tcp        0      0 0.0.0.0:5234                0.0.0.0:*                   LISTEN      17482/xmlrpcd

tcp        0      0 127.0.0.1:47425             127.0.0.1:5223              ESTABLISHED 17481/xmlrpcd

tcp        0      0 127.0.0.1:47428             127.0.0.1:5223              ESTABLISHED 17482/xmlrpcd

tcp        0      0 127.0.0.1:47416             127.0.0.1:5223              ESTABLISHED 17478/xmlrpcd

tcp        0      0 127.0.0.1:47419             127.0.0.1:5223              ESTABLISHED 17479/xmlrpcd

tcp        0      0 127.0.0.1:47422             127.0.0.1:5223              ESTABLISHED 17480/xmlrpcd

The listing says the following:

process 'perl' (actually it is Perl script /usr/local/Stellart/bin/xrproxy.pl) listen to the port 5224 on localhost and private IP address 10.64.52.31 - this is proxy server
processes 'xmlrpcd' listen to ports 5230, 5231, 5232, 5233, 5234 - these are instances of XML RPC server

All incoming XML RPC requests are going to XML Proxy server and are being processed by the Perl script /usr/local/Stellart/bin/xrproxy.pl which passes them to processes xmlrpcd (which is actual XML RPC server) using round-robin algoritm.

Templates of configuration files for these services are the following:

/usr/local/bm/etc/ssm.conf.d/.xrproxy.conf - proxy server
/usr/local/bm/etc/ssm.conf.d/.xmlrpcd.conf - XML RPC server

So, if you need to make PBA-E to listen to XML RPC API requests on public IP address the you need to perform the following actions:

Create or edit the file /usr/local/bm/etc/ssm.conf.d/xrproxy.conf on PBA-E server and enter desired IP address in the parameter HOST_IP in the section '[environment]':

[environment]

HOST_IP = external_ip
Restart services xrproxy and xmlrpcd:

/etc/init.d/pba restart xrproxy

/etc/init.d/pba restart xmlrpcd

Additional Information

It's recommended to enable authentication when opening port on public IP address. But if you enable authentication on existing containers, xrproxy and xmlrpcd, POA and Online store integration will be broken.

Thus, in order to avoid any failures it is necessary to create additional containers and to open another port for the XML RPC requests with authentication enabled. This procedure is described in the article "How to enable authorization for xmlrpcd". Apply changes in “Resolution” to file xrproxy_auth.conf as described in above KB if you want to enable authentication on external_ip.