<The CFEngine Blog

How to use a different ports for Mission Portal

Posted by Ihor Aleksandrychiev
November 7, 2024

Out of the box, Mission Portal uses port 80 for HTTP and 443 for HTTPS traffic. These ports are widely used for web services, which makes the initial setup straightforward. However, there are several reasons why you might want to change these default ports:

  • Port conflicts: other services on your system might already be using ports 80 or 443.
  • Security concerns: well-known ports are common targets for attacks.
  • Compliance requirements: your organization’s policies might restrict the use of standard web ports.

Changing default ports

Note: The custom port configuration feature described below is available in CFEngine Enterprise master (nigthlies), 3.25.0 (to be released this winter) or later.

From the Mission Portal

First, you need to open a Hub info page. To do this, you can click on the Hub menu in the top right corner menu.

open_hub_info_page.png

Once you’re on the Hub info page, scroll down until you see the “Host specific data” section. This is where the magic happens!

cmdb_ui.png

Now, let’s add those custom port settings:

  • For HTTPS:
    • Click the “Add variable” button
    • In the name field enter default:cfe_internal_hub_vars.https_port
    • In the value field, enter your desired HTTPS port number.  
  • For HTTP:
    • Repeat the process, but use default:cfe_internal_hub_vars.http_port as the variable name
    • Enter your desired HTTP port number as the value

configured_ports_in_cmdb_ui.png

To apply changes, you can trigger an agent run in the top right corner or just wait until it happens automatically. By default, the agent run interval is 5 minutes. trigger_an_agent_run.png

🎉 And finally, try accessing Mission Portal using the new port in your browser: https://cfengine.hub:8443 (Replace 8443 with your actual HTTPS port number if it’s different)

From CLI

Define needed variables in the augment file def.json at the root of your policy set.

{
  "variables": {
    "default:cfe_internal_hub_vars.http_port": {
      "value": "8080",
      "comment": "Alternate port for Mission Portal HTTP traffic."
    },
    "default:cfe_internal_hub_vars.https_port": {
      "value": "8443",
      "comment": "Alternate port for Mission Portal HTTPs traffic."
    }
  }
}

More about augment files you can read here

Run cf-agent -KIf update.cf && cf-agent -KI to apply the new configuration.

Note: If you have configured Federated reporting and have changed the port number for the feeder, remember to update the feeder’s URL accordingly. Otherwise, it will result in incorrect or failed reporting, as the system will still try to connect using the old port.

Try CFEngine Enterprise for free

Sign up for CFEngine Enterprise and connect up to 25 hosts for free. No credit card required. Get started in minutes.

Try enterprise for free