Change server ports
This chapter explains how to change the ports used by the two communication protocols:
-
HTTPS port used by Windows and Unix nodes (default
443
) -
cf-serverd port used by Unix nodes (default
5309
)
All agents and relays must use the same port to communicate, if you change the port on an existing infrastructure you must do it on all machines. |
Change listening ports on the root server
It is currently not possible to change the HTTP port when SELinux is enabled on the system (without a custom SELinux policy). |
To change the ports on the Rudder server, edit /opt/rudder/etc/rudder-web.properties
and set the
values of (replace 443 and 5309 by the values you want):
rudder.policy.distribution.port.cfengine=5309 rudder.policy.distribution.port.https=443 rudder.server.relay.api=https://localhost:443/rudder/relay-api
Then restart the server and the agent :
systemctl restart rudder-jetty systemctl restart rudder-agent
Then you need to edit your Rudder virtual host in Apache httpd configuration. Edit /etc/apache2/sites-enabled/rudder.conf
or /etc/httpd/conf.d/rudder.conf
(depending on your operating system), and modify
the port:
<VirtualHost *:443>
Note that you can duplicate the virtual host if you want to keep the API and Web access on port 443 and use another port for agent-server communication.
You may also need to add a directive to listen on the new port:
Listen 443
Then restart the apache2
or httpd
service.
Server services configuration is now over. You then must follow the next section on your root server too, as it also runs an agent.
Set connection port on the agents (for nodes, relays, and root server)
The agent cannot know in advance that the server port has changed, so you must declare it when configuring the agent.
To do this, add the port to the server name in your policy server configuration with:
rudder agent policy-server hostname:5309
(or enforce the value in /opt/rudder/etc/policy_server.dat
).
And configure the HTTPS port in /opt/rudder/etc/agent.conf
(you need to create the file):
https_port=443
You must restart the agent to get its new set of promises and to make sure it listens for remote-run on this specific port :
systemctl restart rudder-agent
← Slapd administration Troubleshooting →