Allow Polling Tentacles to contact Octopus on 443 or 80 ports
There is two cases at customer sites, where I have set up Polling Tentacles. I guess the whole design idea of these Polling Tentacles is to ease setup for closed environments and to have to avoid opening Firewall each and every time.
However, since the Polling Tentacle is connecting back on port 10943 instead of port 80 or port 443, in both cases I have had to ask the customer to open outbound port 10943, which is annoying and time consuming.
Would you consider changing the Polling Tentacle to talk back to the Octopus Deploy server in some of the next releases so it uses ports 80 and 443 only? This would really make it work the I assume it was designed for.
We have started a beta of a feature that allows communications over a shared HTTPS port and expect it to release it early April 2017, in version 3.12.0.
Even without this feature, it is possible to changed the listening port by running the following command (https://octopus.com/docs/administration/server-configuration-and-file-storage):
Octopus.Server.exe configure —commsListenPort 10944
When configuring the tentacle, the server-comms-port option can be used to specify this new port (https://octopus.com/docs/api-and-integration/tentacle.exe-command-line/poll-server)
However there is a restriction that the Octopus Web UI can’t run on the same port as the comms listen port. Octopus can however be configured to run on just 443 (HTTP) and the comms port on 80 (or in reverse). NB even though comms runs on port 80, it would still use TLS in it’s communication.
Tom Kring commented
I have the same problem. The result of this limitation is I have to go through a bureaucratic IT process to get this port opened every time we add a new tentacle.
This is also a big limitation for us also, the benefit of the Polling tentacles was to get away from the need for specialised port requests from network teams.
I realise this is possible from altering the installation scripts, but it would be nice if this was configurable on the installer itself.
Bruce Foust commented
Just make it configurable so we can use any port we would like. Default to port 10943 but allow us to change it as needed.
Jules Clements commented
We have abandoned octopus due to this limitation. We're an on-premise build with many clouds to deploy to. We needed an agent that could "reach out" and get its updates but non standard ports (i.e. other than 80 and 443, like 10943) is forbidden. Please implement as web service on sub context in the URL.
Yes, and troubles get even bigger if there should be a load balancer or proxy between.