1. Enabling Network-Bound Disk Encryption
  2. Install and Configure a Tang Server
  3. Optionally Configure the Tang Server to Run on a Specified Port

Optionally Configure the Tang Server to Run on a Specified Port

By default, Tang runs on TCP port 80. If you intend to override this setting to run a Tang server on another port, you must configure SELinux so that Tang works with the required TCP port.

  1. Configure Tang to listen on a chosen TCP port.

    For example, to configure Tang to listen on TCP port 7500, run: 

    sudo semanage port -a -t tangd_port_t -p tcp 7500
  2. Configure a Systemd override so that Tang listens on the chosen port.

    If you have chosen to run Tang on a different port, you must configure a Systemd override by configuring a Socket entry: 

    sudo mkdir -p /etc/systemd/system/tangd.socket.d/
sudo cat <<EOF > /etc/systemd/system/tangd.socket.d/port.conf
[Socket]
ListenStream=
ListenStream=7500
EOF
  3. Reload Systemd daemon configuration.

    If you edit Systemd configuration you must reload Systemd daemon configuration for the changes to take effect: 

    sudo systemctl daemon-reload

You must configure the firewall to allow traffic to reach the configured TCP port. See Update the Firewall Policy to configure the firewall.