I am trying to setup external docker instances that use a polling tentacle which would comm to Octopus over 10943 I have the firewall natted to the Octopus server with that port open. When I attempt to register the server, it wants port 443 open (or 80) to, what seems like register the server into Octopus. Why the need to speak on the http level? Can’t the tentacle installation/config just comm over the 10943?
I got to this conclusion when I installed the polling tentacle on an internal box and it registered. I would not like to expose the Octopus front page to the internet.
Thanks for getting in touch, and welcome! When a Polling Tentacle is registered, it needs to hit the API first which is what it is doing on either port 80 or 443, but as soon as it’s registered everything else is done over port 10943. This means you could open it just for the registration, then close it as soon as it does and leave just 10943 open. The following doc page goes into a bit more detail on this process.
I hope that helps, and please don’t hesitate to reach out with any further questions.
So there is no way to import that certificate to allow just communication via 10943 as part of the installation script?
We would have these docker instances that get built up and torn down, so they would need to register occasionally. - I guess we could open and close that port when this happens. We will start with that suggestion so we’ll be successful immediately.
Thanks for following up! That’s correct, and I think you would have to do what you’ve mentioned, i.e. temporarily open and then close the port to cover the registration.
Let me know how you go or if you have any other questions going forward.
