Port 8082 for Tracing

deniska
Participant V

Hi Team,

I have a cross-segment architecture where my management sits in the LAN and the R+MP in the DMZ. The customer is pretty focused on security, and all of the ports (management, UI, and all proxies) are TLS-ready. The problem I'm facing is that when a developer wants to trace the MP in the DMZ from the Management UI, we need to open port 8082 to the MP, but this port is plain HTTP, and customer policy does not allow opening it. Is there any workaround, or can this port somehow be SSL?

Thanks,


deniska
Participant V

So after some research, I did the following to make the trace work with an SSL port:

1. The MP configuration needs to be changed so that the MP listens on a TLS port (you need to configure the port, add the JKS, etc.).

2. Disable the http.turn.off=true option, so only the TLS port will be the management port.

After all these changes, the webserver.properties of the MP needs to look like this:

#Web servers port
http.port=8082
#Comma separated web app names
webapps=api
#SSL configurations
ssl.enabled=true
#http along with https
http.turn.off=true
#if ssl is enabled first two are mandatory
ssl.port=8443
keystore.path=/opt/apigee/customer/application/keystore.jks
#use obfuscated password(of the form:- OBF:xxxxxxxxxx)
keystore.password=OBF:xxxxxxxxxxx

Now 8082 will not listen; instead, the MS will use 8443 for trace tooling (TLS).
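
An added example, not part of the original post and not Apigee's own tooling: a small audit that checks an MP webserver.properties against the TLS-only layout posted above. The key names are taken from the post; the pass/fail rules (including reading http.turn.off=true as "plain HTTP listener off", as the posted result implies) are assumptions.

```python
# Added example: audits an MP webserver.properties for the TLS-only layout
# shown in the post. Key names come from the post; the rules are assumptions.

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return a list of findings; an empty list means TLS-only as posted."""
    p = parse_properties(text)
    findings = []
    if p.get("ssl.enabled", "").lower() != "true":
        findings.append("ssl.enabled is not true: no TLS listener")
    if p.get("http.turn.off", "").lower() != "true":
        findings.append("http.turn.off is not true: plain HTTP port %s stays open"
                        % p.get("http.port", "?"))
    port = p.get("ssl.port", "")
    if not port.isdigit() or not 0 < int(port) < 65536:
        findings.append("ssl.port missing or invalid")
    if not p.get("keystore.path"):
        findings.append("keystore.path missing")
    if not p.get("keystore.password", "").startswith("OBF:"):
        findings.append("keystore.password is not in OBF: form")
    return findings


# Constructed samples: the post's file, and a variant left on plain HTTP.
POSTED = """\
#Web servers port
http.port=8082
webapps=api
ssl.enabled=true
http.turn.off=true
ssl.port=8443
keystore.path=/opt/apigee/customer/application/keystore.jks
keystore.password=OBF:xxxxxxxxxxx
"""
PLAIN = "http.port=8082\nwebapps=api\nssl.enabled=false\nkeystore.password=secret\n"

if __name__ == "__main__":
    for name, sample in (("posted", POSTED), ("plain", PLAIN)):
        print(name, audit(sample) or "OK")
```

The file check only covers configuration; after restarting the MP, confirm from the management segment that 8082 refuses connections and 8443 completes a TLS handshake.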