29 Aug 2022 12:41 PM - last edited on 16 Jun 2023 12:43 PM by Karolina_Linda
Hello.
By default, Dynatrace Cluster nodes expose on port 443 the UI service plus API service plus OA service. Is there a way to have a service point exposing only API service?
I'd like some API scripts to have access (network / firewall wise) to API without having access to UI.
Regards.
29 Aug 2022 01:07 PM
For OneAgent communication, you can set a port that you like - but if it is different than 443 or 8433 then you need to have your own proxy or LB - https://www.dynatrace.com/support/help/shortlink/managed-load-balancer#oneagent-
For API only port - you need to do it in a very similar way - you need to put your own LB/proxy in front and set up rules to hit /api only requests.
29 Aug 2022 03:15 PM - edited 29 Aug 2022 03:25 PM
So, if I understand well
Correct ?
BTW, of interest I see
29 Aug 2022 04:44 PM
Yes, all correct.
29 Aug 2022 03:23 PM
This is not the topic of this thread, but:
For OneAgent communication, you can set a port that you like ; but if it is different than 443 or 8433 then you need to have your own proxy or LB
I don't understand this statement. If I change CMC > Cluster nodes > OneAgent endpoint configuration to (say) 7777, all my ActiveGates and OneAgents get automatically updated to send OneAgent traffic to this new port number (7777) (AG and OA are "network topology aware") and I do not need to set up either LB or Proxy. This is tested and proven.
29 Aug 2022 04:45 PM
If you set endpoint to port 7777, then OneAgents and AGs will try to reach out to that port. You need to take care of making this endpoint available - e.g. via LB/proxy.
29 Aug 2022 04:52 PM
@Radoslaw_Szulgo wrote: If you set endpoint to port 7777, then OneAgents and AGs will try to reach out to that port. You need to take care of making this endpoint available - e.g. via LB/proxy.
To my understanding: ... making this endpoint available via *firewall* (if not open by default), not via LB / proxy: I have none. In my case I'd need to change nothing, because my OAs communicate with Cluster exclusively through AG:9999 (already firewall open) and this AG would communicate to Cluster Nodes @ :7777 (already firewall open).
30 Aug 2022 04:21 PM
What would you like to understand? Resolve? I'm lost now.
I'm trying to explain that if you want to route the traffic on a custom port - for instance, 7777, you need additional infrastructure, like this:
OneAgent -- :7777 --> custom LB/Proxy --- :443 or :8443 --> Cluster node
30 Aug 2022 04:30 PM
I think you replied: no, for now it is not possible to talk to Cluster Nodes API endpoints (443), without also having access at the same endpoint to Web UI and OneAgent traffic. Unless one mingles with a reverse-proxy filtering incoming requests to let through only /api/* and /<env-id>/api/*.
Thanks.
Regards.
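The path rule described in the last post (let through only /api/* and /<env-id>/api/*), sketched as an added example that is not from the thread and not Dynatrace code. It shows the decision a filtering reverse proxy has to make, including the cases where a plain prefix match would let non-API paths through. Assumptions: the function name, the placeholder environment ID and the sample paths in the checks are constructed for illustration.

```python
from urllib.parse import unquote

# Assumption: environment IDs are known up front; this one is a constructed placeholder.
KNOWN_ENV_IDS = frozenset({"env-placeholder-0001"})


def is_api_request(request_target: str, env_ids=KNOWN_ENV_IDS) -> bool:
    """Return True only for paths under /api/ or /<env-id>/api/ (fail closed)."""
    # Only the path decides; a query string mentioning /api/ must not count.
    raw_path = request_target.split("?", 1)[0]
    lowered = raw_path.lower()
    # Encoded slashes/backslashes can make proxy and backend disagree on the path.
    if "%2f" in lowered or "%5c" in lowered or "\\" in raw_path:
        return False
    path = unquote(raw_path)
    # A leftover "%" means double encoding (or a literal percent): reject.
    if "%" in path or "\x00" in path or not path.startswith("/"):
        return False
    segments = path.split("/")[1:]
    # Reject dot segments and empty segments ("//") instead of normalising them.
    if any(s in (".", "..") for s in segments) or "" in segments[:-1]:
        return False
    # Rule 1: /api/* (a whole "api" segment, so /apifoo does not match).
    if len(segments) >= 2 and segments[0] == "api":
        return True
    # Rule 2: /<env-id>/api/* for an explicitly listed environment ID.
    return len(segments) >= 3 and segments[0] in env_ids and segments[1] == "api"
```

In a deployment the same allowlist is expressed in the proxy or load balancer rules; anything the function rejects would be answered by the proxy itself and never forwarded to the cluster node.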