Customer has a policy where all the ports <1024 are blocked on all machines.
This means that the Web UI https port (443) cannot be used and we can only access individual cluster nodes on ports 8020 and 8021. Customer could put a VIP in front to redirect to each cluster node but preference goes to being able to change the cluster port.
I looked in the config.properties file but could not find a ref to 443.
On my local environment I tried changing the Web UI URL to include a different port but that did not seem to work (could be my environment).
Any help on this greatly appreciated.
Solved! Go to Solution.
the server is actually listening on HTTPS 8021, and port 443 is configured as a redirect rule to 8021 via iptables, that's why you don't see it in the configuration. Not sure if the fact that we do not listen on a privileged port is already satisfactory for the customer?
Otherwise, it is possible to disable the firewall (iptables) changes, but I would not recommend this.
If I have 3-node cluster, the cluster UI will be resolved to 3 node IP address as I can see from nslookup. Questions:
1) how the cluster determines to route the UI traffic to which node on port 443? any algorithm?
2) if Users can't access to 2 nodes on port 443 by firewall when the cluster UI is resolved to them, the users' page won't get loaded, correct? or Dynatrace will route the UI traffice to the one that is available?
3) How nginx determines the UI traffic should be routed to which node on port 8021? based on load or something else?