We want to prevent access to the Foglight console on port 8080. We would like to modify the Foglight http port value or simply forbid http access and use https access. We have 500 FglAMs and we don't want to manually change the settings on each of the FglAMs.
We have the following questions:
Question 1). Is there a supported way to forbid HTTP access via the browser or modify the default http port 8080, but at the same time keep the existing remote fglams working without changes to their http/https connection settings?
Question 2). Is there a way to automate changes to the ports used by the FglAMs so that modifying them won't be so time intensive?
RESOLUTION:
Question 1). Is there a supported way to forbid HTTP access via the browser or modify the default http port 8080, but at the same time keep the existing remote fglams working without changes to their http/https connection settings?
Answer 1). Any changes to the http or https made for the Foglight console access will also impact the FglAMs.
An OS level Firewall could be utilized to prevent access to 8080 from anything other than the known monitored Networks (disable client access). Users will be able to access the Foglight console through the https port. As long as "server.console.httpsonly" is set to false the FglAMs will still be able to access the FMS at port 8080.
Question 2). Is there a way to automate changes to the ports used by the FglAMs so that modifying them won't be so time intensive?
A switch is included in the command-line fglam config tool to delete the reference to the existing fms from the fglam.config.xml file (see fglam --help). Users could can a script to stop the fglam, remove the existing <http-upstream> entry, and replace it with a new <https-upstream> entry, and restart fglam.
© ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz Cookie Preference Center