Change server ports
This chapter explains how to change the ports used by the two communication protocols:
HTTPS port used by Windows and Unix nodes (default
cf-serverd port used by Unix nodes (default
All agents and relays must use the same port to communicate, if you change the port on an existing infrastructure you must do it on all machines.
It is currently not possible to change the HTTP port when SELinux is enabled on the system (without a custom SELinux policy).
To change the ports on the Rudder server, edit
/opt/rudder/etc/rudder-web.properties and set the
values of (replace 443 and 5309 by the values you want):
rudder.policy.distribution.port.cfengine=5309 rudder.policy.distribution.port.https=443 rudder.server.relay.api=https://localhost:443/rudder/relay-api
Then restart the server and the agent :
systemctl restart rudder-jetty systemctl restart rudder-agent
Then you need to edit your Rudder virtual host in Apache httpd configuration. Edit
/etc/httpd/conf.d/rudder.conf (depending on your operating system), and modify
Note that you can duplicate the virtual host if you want to keep the API and Web access on port 443 and use another port for agent-server communication.
You may also need to add a directive to listen on the new port:
Then restart the
Server services configuration is now over. You then must follow the next section on your root server too, as it also runs an agent.
The agent cannot know in advance that the server port has changed, so you must declare it when configuring the agent.
To do this, add the port to the server name in your policy server configuration with:
rudder agent policy-server hostname:5309
(or enforce the value in
And configure the HTTPS port in
/opt/rudder/etc/agent.conf (you need to create the file):
You must restart the agent to get its new set of promises and to make sure it listens for remote-run on this specific port :
systemctl restart rudder-agent
← Relayd administration Troubleshooting →