Can you change the mender client and server port from 9000 to port 80 or 443? Also, do you know if the port 9000 is both outbound and inbound TCP traffic?
Thanks,
– Jorge
I believe that port 9000 is only used for outbound traffic.
I will leave it to someone else to comment of feasibility to change port.
Depending from the setup mender-api-gateway listens on 80 and 443 (in some setup listens only 443), traffic from 80 is redirected to 443. Port 9000 is used by Minio (through storage-proxy) which is S3 compatible storage (where artifacts are stored).
deployments service uploads artifacts to port 9000 and clients download artifacts from port 9000, so, it’s used for both inbound and outbound TCP traffic. The traffic is ssl encrypted.
If needed port 9000 can be changed to any other.
Can you please clarify for what purpose port 9000 is used?
I was expecting that only port 443 will be used between the Mender client (part of the IoT device) and the Internet.
Hi @shainert.israel that is the port used for actual file downloads. If you use the Mender docker-compose setup with integrated Minio storage proxy, then a separate port is used to avoid clashing with the API gateway. If you modify it to use S3 directly, then your Mender clients will communicate with the API gateway on your server IP but then for actual artifact downloads, they will use an aws.amazon.blah URL which may or may not be port 9000.
Sounds like you can change the port, but not sure how you would on the client side. Does anyone have any link to documentation to change the client default port? Or will the client talk to the server and it get’s re-routed the correct server and port? So, if you change it to aws server on port 443, then the server will tell the client to go to aws on port 443 vs going to local server on port 900? Anyways, thanks for the info.
If i recall, the gateway api hands back to the client a URI to the file to be downloaded. You could test it via the rest api before and after port change to make sure the port is included in the URI. if the port is missing then its probably a bug that needs to be reported. I believe there is example usage with curl/wget in the mender docs.
https://docs.mender.io/2.2/apis/open-source/device-apis/deployments#device-deployments-next-get
https://docs.mender.io/2.2/server-integration/using-the-apis
As @dellgreen mentioned, the server will provide an URL to the client which includes the port so there should not be any changes needed on the client.
hello @ikkysleepy,
can you report if this succeeded on port 80 or not? i tried this and the mender deployments container broke
Greets Gene
Looks like there was never a final response as to how this worked, but I have to do the exact same thing as we do not allow port 9000 on our reverse proxy. I’ll let you know.
We never switched the port. Not sure if you guys got it to work.