Disable HTTP endpoint

I want to disable the HTTP endpoint entirely, now that I’ve got a certificate configured. I was going to remove the lines in the default appsettings.json file but am under the impression this file will be overwritten during app updates, and since I’m not simply wanting to override the default settings I can’t simply not have that section in the customized appsettings.json file. Anyone have a suggestion? I could just ignore that it’s listening on an unencrypted port, but I’d rather get rid of it completely if possible.

How are you hosting your instance/what’s your setup?
I’m using PSU installed as a service and my appsettings.json (in the c:\programdata\powershelluniversal folder) isn’t overwritten on updates (it’s only the one in program files that is); the one in program data takes precedence.

I only define my https endpoint and http is therefore inaccessible.
Also check out this doc: App Settings - PowerShell Universal
You can add a flag to redirect http to https which may also be a better option.

It’s installed via the MSI file (as a service). And, yes, that’s how mine is set up as well (with the separate appsettings.json file in ProgramData to define HTTPS on port 443 (again, because I was told via the video guide that the default file in Program Files (x86) would be overwritten during app update, and to avoid making changes to it there)).

In the customized appsettings.json file (the one in ProgramData) I only have HTTPS defined, which works fine in itself, however I see that port 5000 is still listening and the PSU site is still reachable on it (which is why I posted this question).

When I installed mine, I didn’t use defaults on the MSI and removed the :5000 port during setup (so it’s only using either 80 or 443 even for the admin console); I wonder if that’s why there’s a difference? But yeah, I’m not too sure why yours is still listening if you don’t have that defined as one of the endpoints in your prog data appsettings.

80 can’t be used here because it’s in use by Certbot for the Let’s Encrypt certificate process, so it was left to use port 5000. The port number itself doesn’t matter, though. The issue is that the service is still listening on HTTP even after setting the service to also use HTTPS (and despite using redirection or otherwise).

What I want is a way to turn off the HTTP listener completely. Since it’s part of the default appsettings.json file, removing the section would only last until the next app update (which would reinstate it).

There is another appsettings.json at c:\programdata\universal, or something like that, that you should use. Do not use appsettings.json in the universal exe folder because it will be overwritten every time you upgrade, like you said. The other location is not overwritten. You can just copy the entire contents to the programdata location if you want or just the sections that you want to modify. If the same section exists in both locations the programdata location will be used.

As I said, that’s what I’m already doing. The issue is that the default appsettings.json file is still present and enables the HTTP endpoint due to there not being an overriding setting in the ProgramData appsettings.json file to tell it to not enable it (such as being able to remove the section entirely). If the default appsettings.json file were not merged with the ProgramData version at all, and ONLY the ProgramData version was read from, that would solve the issue right there because I could simply not have the HTTP portion defined at all and not have to worry about updates regenerating the default file.

I’ve still not received any answers to this, so I’m left to assume that there is no way of doing it and the only option is to ignore it + not make it publicly accessible.

Basically, this. Closing port 5000 on the client firewall is the only solution I’m aware of.

Then, this sounds like something to add for a future release: some sort of enable/disable variable that can be adjusted in the custom appsettings.json to override the default file’s values.
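
Why leaving the HTTP section out of the ProgramData file does not remove the listener, shown as an added example that is not part of the thread and not PowerShell Universal's own code. It assumes the two files are layered key by key, as the posts describe, and that endpoints sit under a `Kestrel`/`Endpoints` section with a `Url` value; the JSON is a constructed sample and `Merge-Settings` and `Get-PlaintextEndpoint` are hypothetical helpers.

```powershell
# Constructed samples: the shipped default file and the ProgramData override.
$defaultJson = '{ "Kestrel": { "Endpoints": { "HTTP":  { "Url": "http://*:5000" } } } }'
$customJson  = '{ "Kestrel": { "Endpoints": { "HTTPS": { "Url": "https://*:443" } } } }'

function Merge-Settings {
    # Hypothetical helper: layer $Override on $Base key by key (assumed merge model).
    # Keys present only in $Base survive, so omitting a section removes nothing.
    param($Base, $Override)
    $merged = [ordered]@{}
    foreach ($p in $Base.PSObject.Properties) { $merged[$p.Name] = $p.Value }
    foreach ($p in $Override.PSObject.Properties) {
        $old = $merged[$p.Name]
        $bothObjects = ($old -is [System.Management.Automation.PSCustomObject]) -and
                       ($p.Value -is [System.Management.Automation.PSCustomObject])
        $merged[$p.Name] = if ($bothObjects) { Merge-Settings $old $p.Value } else { $p.Value }
    }
    [pscustomobject]$merged
}

function Get-PlaintextEndpoint {
    # Return every endpoint in the merged settings whose Url is plain http://.
    param($Settings)
    foreach ($ep in $Settings.Kestrel.Endpoints.PSObject.Properties) {
        $url = [string]$ep.Value.Url
        if ($url -notmatch '^http://') { continue }
        $port = if ($url -match ':(\d+)') { [int]$Matches[1] } else { 80 }
        [pscustomobject]@{ Name = $ep.Name; Url = $url; Port = $port }
    }
}

$effective = Merge-Settings (ConvertFrom-Json $defaultJson) (ConvertFrom-Json $customJson)
foreach ($ep in (Get-PlaintextEndpoint $effective)) {
    Write-Output ("Plaintext endpoint still configured: {0} -> {1}" -f $ep.Name, $ep.Url)
    # On the server itself, confirm that something is actually listening on that port.
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $l = Get-NetTCPConnection -State Listen -LocalPort $ep.Port -ErrorAction SilentlyContinue
        Write-Output ("  listening on TCP {0}: {1}" -f $ep.Port, [bool]$l)
    }
    # Mitigation from the thread: block the port at the host firewall (elevated prompt).
    # New-NetFirewallRule -DisplayName "Block HTTP $($ep.Port)" -Direction Inbound `
    #     -Protocol TCP -LocalPort $ep.Port -Action Block
}
```

With the sample input the merged settings contain both the `HTTP` and `HTTPS` endpoints, which matches the behaviour reported in the thread.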