12 Jan 2021 04:39 AM - last edited on 13 Jun 2023 09:57 AM by Karolina_Linda
Can I change the default port for Dynatrace Managed (Web UI 443) to another port?
Solved! Go to Solution.
12 Jan 2021 05:58 AM
Hello @dynatrace A.
I guess it can be possible only if we use our own trusted SSL certificate, but someone else in the community can correct this understanding.
Regards,
Babar
12 Jan 2021 07:18 AM
Theoretically, it is possible by modifying a rule in iptables that redirects traffic from 443 to 8022 (NGINX). However, such a modification is not supported as many places in communication will refer to :443 port hardcoded.
What you may want to do instead, is to set up a load balancer exposed on a custom port and keep Dynatrace Managed hidden behind.
12 Jan 2021 08:58 AM
Hello @Radoslaw S.
We have the suggested setup referred to in your comments, but the only difference that we are using port 443 (because the cluster node is listening on port 443).
I just wanted to know where/how to use the custom port.
Regards,
Babar
12 Jan 2021 09:11 AM
Hi Babar,
as you see:
443 is Routed to local port 8022 using an iptables' prerouting rule. This port must remain open. All Dynatrace communication to the cluster is handled over secure socket HTTPS communication (port 443) with strong cryptography to guarantee your data privacy. |
So Dynatrace Managed nodes does not actually listen on 443. You could either have your LB redirect to :443 port or :8022 (NGINX) - in these cases you don't need to care about cookies/session-stickiness as NGINX handle that. Or you can redirect to :8021 (server) - in that case you need to care of session-stickiness.
There's also an option you disable firewall service (clear iptable rules) and manage it by your own to set it up.
12 Jan 2021 09:29 AM
Hello @Radoslaw S.
Now I understood the idea that there is an already prerouting configured rule from 443 to 8022, so for the LB SSL certificate, we can use the 8022 instead of the 443.
Is my understanding correct?
Regards,
Babar
12 Jan 2021 09:32 AM
yes, you should be able to
12 Jan 2021 09:39 AM
Hello @Radoslaw S.
Thank you for the endorsement.
Now you can implement the same solution to achieve your objectives.
Regards,
Babar