We have been doing development and testing in our labs just fine. Then of course take it out to a client… issues.
Env: Our octopus server lives in the cloud and the polling tentacles live on servers behind firewalls in client managed datacenters
Symptom: I couldn’t install the client via script. Issue registering during the register machine. I could go through the GUI verify the API key and then select roles and everything like I would expect (through HTTP 443 I guess), the instance would install and also fail to register. Finally, I managed to get access to the Layer 7 firewall …
Cause: I found that the ssl traffic of port 10943 was considered as an unknown application and blocked.
Commentary: While the simple response is “add a rule”. This is one option but this solution is aiming to go into may clients of size and would likely have layer 7 firewalls. Explaining and asking and getting through the change process with security would be very low on my list of things I want to deal with.
What I’d like do: is simply add another IP address to octopus server, get another ssl cert and bind 10943 polling tentacle port to new IP Address and change it to 443 port and poke one hole through the cloud VM firewall on the new IP. Did I miss finding how to do this in the documentation? Please advise if possible and how to do it? if not how else can I solve this? deploy a new node / instance on the same server, to the new ip with no web portal? do I use the same db or new DB? lots of ideas but just not sure the best path.
Thanks in advance.