14 Jun 2021 10:53 AM - last edited on 14 Jun 2021 12:33 PM by MaciejNeumann
Hi, I have implemented this new setup where I am trying to enable agentless real user monitoring for my application. This is my setup - https://www.dynatrace.com/support/help/shortlink/managed-deployment-scenarios#scenario-3-integration...
where I have a public load balancer with VIP listening on port 443 which forwards the data to gateway servers on port 9999.
We have injected the JS snippet in our application, and when I tried to test this in the Dev environment, the load balancer is seeing the traffic but it does not receive any response back from the gateway servers. The response code is coming as 0.
I've done some troubleshooting and talked to support, and it looks like the traffic between the Load Balancer and the ActiveGate servers is not encrypted.
I was looking into this but am not sure of the way forward - https://www.dynatrace.com/support/help/shortlink/activegate-configuration-ssl
I am using Dynatrace Managed, so do I need to ask Dynatrace to generate a certificate for me for the Cluster ActiveGates so that the traffic flow is encrypted?
I've just followed the installation instructions of the ActiveGate, and in the CMC console I can see there is already a certificate present issued by Dynatrace. What is that exactly? It looks like a default one and self-signed? Attached is the screenshot.
Let me know if anyone has any advice.
14 Jun 2021 11:43 AM
Cluster ActiveGates have a self-signed certificate by default, unless you instructed Dynatrace to configure the SSL for you. I believe you did not do that, because it requires a public IP address and a port forwarded to the Cluster ActiveGate directly.
You have at least two options:
You can also set up a non-SSL port for the Cluster ActiveGate (not recommended).
16 Jun 2021 11:46 AM
Hi @Julius_Loman, it was my bad. I didn't import the certs and that is why it was complaining.
I have imported them and now it's working perfectly fine.
I have encountered another obstacle; not sure if you can help.
So like I said, we have this Managed Deployment structure where we have 2 ActiveGates and a load balancer configured to receive external traffic. We also have a WAF layer which intercepts the traffic.
Now what is happening is that the WAF has a rule which says to block requests of content type text/plain, and it seems the Dynatrace beacons are of content type text/plain. As per Dynatrace they say -
"If WAF is complaining about the content type then nothing could be done from dynatrace side
Our beacons are having content type
Content-Type: text/plain; charset=utf-8"
So I am not sure what we can do here. Do we need to change the WAF policy and allow this content type, or is there anything we can allow specific to these Dynatrace beacons?
Let me know if you have any thoughts on this.
Best Regards,
Shashank
16 Jun 2021 01:06 PM
You need to configure your WAF policy to pass requests of such Content-Type. The payload is really a Content-Type: text/plain; charset=utf-8