cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ActiveGate not working on port 443

I am trying to configure the ActiveGate listener on port 443. I edited the file:

/var/lib/dynatrace/gateway/config/custom.properties

adding the lines:

[com.compuware.apm.webserver]
port-ssl = 443

Is there any limitation on this port? I tried to set up others (9997,9998) and they are working fine.


9 REPLIES 9

Lukasz_Halman
Dynatrace Supporter
Dynatrace Supporter

Port numbers below 1024 require elevated privileges on Linux. AG which runs as regular user is not allowed to open such port.


Thank you it makes sense! Is there a way to change the user running the activegate?


I tried to run it as root ant it worked. Now I am wondering: Is there a way to expose the 9999 port binding it to the 443? I tired to use "iptables" command but it seems the ruxitagent.config file keeps the 9999 port. Is there a way to "force" the Oneagent to connect using 443?


Following iptables rule should work, however I guess the advertised port will stil be 9999 as configured at the gateway.

iptables -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 9999

TEMPEST a.s., Slovakia, Dynatrace Master Partner

Exactly! The issue here is that even if I set up the new routing using IP tables agents keep connecting to 9999. Is there a way to manually set up the 443 on oneagent side?


Yes, in "/opt/dynatrace/oneagent/conf/ruxitagent.conf" (or similar), the list of endpoints is defined.

Server https://ip-of-the-ag:443/communication


This will get overwritten as soon as agent connects.
Actually, the correct method is to set the property in custom.properties as described in the very first post in this thread.
However, until you run the gateway as root, you cannot bind to ports lower than 1024 anyway.


TEMPEST a.s., Slovakia, Dynatrace Master Partner

I am not referring to the config of the activegate, but to the config of the oneagent. This file "ruxitagent.conf" also states "This file is generated automatically. Please do not modify." But when it can't reach any of the configured endpoints, you need to do something. Reinstall of the oneagent also helps (after new download from the dynatrace cluster) as it will use the updated activegate configuration.

I don't know about this actual use case of moving from port 9999 to 443, but I often use a proxy or loadbalancer to achieve this. The activegate's port is still 9999 and you use an external gateway to proxy traffic from port 443 to port 9999. Oneagent traffic is all TCP.


Apart from the PaaS agents where the ruxitagentproc.conf never gets modified - connecting (once) to a predefined endpoint is probably the only use case I can imagine.


TEMPEST a.s., Slovakia, Dynatrace Master Partner