Comment 3 for bug 1436279

We could mark maas-region-controller-min as conflicting with Apache (and anything else that services port 80 by default) and then run on port 80 directly. Twisted has support for binding low ports and then dropping privs, but we could also do it with authbind.

A point of perception: why are firewalls perceived as nigh-on impossible to change? In a reasonable world we could say "please open port 5240" but that possibility seems always to be dismissed without consideration.

Instead we're figuring out how to squash everything onto port 80, making our user's systems worse by pushing out Apache or Nginx or whatever was previously on port 80, or by adding an extra layer of indirection using, say, an Apache module to proxy long-lived websocket connections.

I understand that we can't change everyone's perception overnight, but I feel like I'm going mad when I read things like this: can no one else see the elephant?