You are viewing limited content. For full access, please sign in.

Question

Question

Why does Laserfiche 12 stop working when I block port 80, even though the entire installation and access was done solely through port 443 (HTTPS)?

Laserfiche Version 12
Updated June 26
asked on June 24

Hello everyone,

We successfully installed all components of Laserfiche 12 (including Directory Server, Web Access, Workflow, etc.) using port 443 exclusively, with a valid SSL certificate, and without ever enabling port 80.

Throughout the installation and initial testing, the environment worked perfectly with HTTPS-only access. However, when creating a firewall rule to explicitly block port 80, everything stopped working: the repository wouldn't load, Web Access failed, and services didn't seem to start properly.

The most confusing thing is that port 80 was never actively used, and there are no HTTP bindings configured in IIS, only HTTPS.

Does anyone know why Laserfiche keeps requiring port 80 to be free, even if it's not used directly?

Are there any internal services, verifications, or redirects that rely on port 80? How can it be configured to operate 100% under HTTPS and avoid this issue?

I greatly appreciate any help or similar experiences you can share.

0 0

Replies

replied on June 26

There isn't enough information to determine what might be wrong. With web products like LFDS and the web client, there are multiple layers where TLS needs to be configured. For ex, for the web client browser to web server, web server to the Laserfiche server. If you didn't configure TLS for the Laserfiche Server and turned off port 80, that might explain why the web client can't connect. 

I recommend opening a support case to investigate the issue. 

1 0
replied on June 25

A few of the components also use port 80 for administrative tasks, such as Import Agent, Server, Workflow triggers business processes using port 80. There is a really helpful whitepaper out there called "Default Network Ports for Laserfiche Products". The version I have is from February of this year, not sure if there is a newer version.

Hope that helps

Screenshot 2025-06-25 142217.jpg
Screenshot 2025-06-25 142246.jpg
Screenshot 2025-06-25 142315.jpg
Screenshot 2025-06-25 142217.jpg (53.31 KB)
Download
Screenshot 2025-06-25 142246.jpg (41.7 KB)
Download
Screenshot 2025-06-25 142315.jpg (34.1 KB)
Download
0 0
replied on June 26

Important to note that "Default Network Ports for Laserfiche Products" is older documentation, even though the LF12 apps got added in. Anywhere it mentions port 80, there should also be a config option to use https/443 instead.

  • Workflow uses https/443 to communicate with repositories if you have "Use SSL when connecting to Laserfiche" enabled from Workflow Admin Advanced Server Options: General
  • Workflow Business Processes have Repository Server call the Workflow Web Services endpoint (https://workflow.example.com/Workflow) over https/443 when the Workflow Web Services URL is set to an https one, per Workflow Web Service Configuration. The workflow server must have a 443 certificate binding.
    • Note: If you didn't have this URL set to an https one when you published a Workflow business process, you MUST republish it for Repository Server to receive and use the updated https endpoint.
  • Import Agent uses https/443 to connect to repositories when a profile has the "Use SSL Connection" option enabled, per Automating Import from a Windows Folder with Import Agent.
  • Repository Server listens on ports 80 and 443 by default (provided a certificate is bound to port 443).
    • Note: Repository Server traffic does NOT go through IIS. It has its own port 80 and 443 listeners independent from IIS site bindings. While you can set a port 443 certificate binding for Windows through IIS Manager that Repository Server can use (because it's at the OS level), there's no direct relationship between Repo Server and IIS.
    • You can see that by running this command in PowerShell: 
      netsh http show urlacl
      Where you'll see Repository Server's reserved URL listeners like http://*:80/lf/ and https://*:443/lf/.
  • Repository Desktop Client and Repository Admin Console both have similar "Use TLS" checkbox options (not enabled by default) when attaching a repository that makes them connect with https/443.
0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Attachments
Related Posts
Loading ...