Due to the OSX limitations in ports below 1024, in order to use them without running as root the virtualbox headless you can do the following workaround, (remember the command ipfw is deprecated on El Capitan)
In the Vagrant file use ports over 1024, for instance change 80 and 443 to 8080 and 8043.
# Apache
config.vm.network "forwarded_port", guest: 80, host: 8080
# Apache SSL
config.vm.network "forwarded_port", guest: 443, host: 8043
- Then we will redirect this ports to the host machine 80 and 443 like this:
Add the following to /etc/pf.anchors/vagrant
:
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8043
Add the following to /etc/pf-vagrant.conf
:
rdr-anchor "forwarding"
load anchor "forwarding" from "/etc/pf.anchors/vagrant"
Add the following to /Library/LaunchDaemons/com.apple.pfctl-vagrant.plist
:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.pfctl-vagrant</string>
<key>Program</key>
<string>/sbin/pfctl</string>
<key>ProgramArguments</key>
<array>
<string>pfctl</string>
<string>-e</string>
<string>-f</string>
<string>/etc/pf-vagrant.conf</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<false/>
</dict>
</plist>
Run the following command to have it start at boot:
sudo launchctl load -w /Library/LaunchDaemons/com.apple.pfctl-vagrant.plist
Run the following command to remove it from boot (if it's no longer required):
sudo launchctl unload -w /Library/LaunchDaemons/com.apple.pfctl-vagrant.plist
Or simply remove the files and log out / log in.
Thanks to f1sherman: https://gist.github.com/f1sherman/843f85ea8e2cbcdb40af
- A second option may be use command line each time:
echo "
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
" | sudo pfctl -ef -
To disable the forwarding:
sudo pfctl -F all -f /etc/pf.conf
To display current forwarding rules:
sudo pfctl -s nat
Sometimes the forwarding on 127.0.0.1 fails, so you can use 127.0.0.2 on El Capitán.