Hi
We are using the ESXi without VCenter.
How can I change ESXi's SSH and web port?
Based on the link below, it seems like VCenter is needed to do this.
Thanks
Jae Kim
For SSH port check the article:
Change Port 22 SSH on ESXi 6.5
For Web port: port used by vSphere client to access ESXi host:
http://kb.vmware.com/kb/1021199
We installed VMware-vSphere-CLI-6.0.0-2503617.exe
And we executed D:\Program Files (x86)\VMware\VMware vSphere CLI\bin\vifs.pl.
But it said /host/proxy.xml file or directory does not exist.
Maybe the directory and file changed for ESXi 6.5.
Esxi 5.1 Changing default port 80 and 443
As stated in the link above, we also have access to the SSH.
We tried browsing through the file system to find a relevant file for changing the web port, but we couldn't find any.
Thanks
Jae Kim
Change the proxy settings in:
/etc/vmware/rhttpproxy/config.xml
and restart rhttpproxy service:
/etc/init.d/rhttpproxy restart
I believe estanev is referring to
<!-- HTTP port to be used by the reverse proxy -->
<httpPort>80</httpPort>
<!-- HTTPS port to be used by the reverse proxy -->
<httpsPort>443</httpsPort>
in the proxy file
I changed the http and https number into 8080 and 8043. And then I restarted it.
But the browser can't connect to the new port number. I checked if the old port is still being used but the browser can't connect to the old port.
I am working if firewall ports need to be opened.
Here is the config.xml
<!-- RhttpProxy configuration file for ESX/ESXi -->
<config>
<!-- the version of this config file -->
<version>5.5.0.0</version>
<!-- working directory -->
<workingDir>/var/log/vmware/</workingDir>
<!-- location to examine for configuration files that are needed -->
<defaultConfigPath> /etc/vmware/ </defaultConfigPath>
<log>
<!-- controls where rolling log files are stored -->
<directory>/var/log/vmware/</directory>
<!-- name of log file -->
<name>rhttpproxy</name>
<!-- controls whether logger sends its output to console also -->
<outputToConsole>false</outputToConsole>
<!-- If true, log to files on disk -->
<outputToFiles>false</outputToFiles>
<!-- default size(in bytes) of each log file before rolling over to next -->
<maxFileSize>524288</maxFileSize>
<!-- default number of log files to rotate amongst -->
<maxFileNum>8</maxFileNum>
<!-- default log level -->
<level>verbose</level>
<!-- If true, logs to syslog -->
<outputToSyslog>true</outputToSyslog>
<!-- syslog configuration. Only used if outputToSyslog is true. -->
<syslog>
<!-- syslog identifier to use when logging -->
<ident>Rhttpproxy</ident>
<!-- syslog facility to use when logging -->
<facility>local4</facility>
<!-- The section header contents are placed in this file at startup.
When vmsyslogd rotates the hostd log file, it logs the content of this
file to syslog. This is being done so that we don't lose context on log
rotations.
IMPORTANT: Value needs to match that in onrotate entry in
vmsyslog.d/hostd.conf
-->
<logHeaderFile>/var/run/vmware/rhttpproxyLogHeader.txt</logHeaderFile>
</syslog>
</log>
<proxy>
<!-- default location of the proxy config file -->
<endpoints>/etc/vmware/rhttpproxy/endpoints.conf</endpoints>
<!-- HTTP port to be used by the reverse proxy -->
<httpPort>8080</httpPort>
<!-- HTTPS port to be used by the reverse proxy -->
<httpsPort>8043</httpsPort>
</proxy>
<!-- Remove the following node to disable SSL -->
<ssl>
<!-- The server private key file -->
<privateKey>/etc/vmware/ssl/rui.key</privateKey>
<!-- The server side certificate file -->
<certificate>/etc/vmware/ssl/rui.crt</certificate>
<!-- Client-side CAFile verify location -->
<keyStoreFile>/etc/vmware/ssl/castore.pem</keyStoreFile>
</ssl>
<vmacore>
<pluginBaseDir>/lib/</pluginBaseDir>
<!-- default thread pool configuration for Posix impl -->
<threadPool>
<IoMin>2</IoMin>
<IoMax>44</IoMax>
<TaskMin>2</TaskMin>
<TaskMax>18</TaskMax>
<!-- Do not set MaxFdsPerThread if hostdMinFds is set above -->
<!-- MaxFdsPerThread> 2048 </MaxFdsPerThread -->
<NumKeepAlive>8</NumKeepAlive>
<ThreadCheckTimeSecs>600</ThreadCheckTimeSecs>
<ThreadStackSizeKb>256</ThreadStackSizeKb>
<threadNamePrefix>rhttpproxy</threadNamePrefix>
</threadPool>
<rootPasswdExpiration>false</rootPasswdExpiration>
<ssl>
<doVersionCheck> false </doVersionCheck>
<!-- allowed SSL/TLS protocol versions -->
<!-- <protocols>tls1.0,tls1.1,tls1.2</protocols> -->
<libraryPath>/lib/</libraryPath>
</ssl>
<!-- enable plugin loading -->
<loadPlugins> false </loadPlugins>
<!-- enable/disable the dynamic loading of plugins -->
<loadDynamicPlugins> false </loadDynamicPlugins>
<!-- Enable/disable the stack tracer -->
<!-- <useStackTracer>false</useStackTracer> -->
<xml>
<doc>
<!-- maximum size of each XML message. -->
<maxChars>62914560</maxChars>
<!-- maximum nodes in of each XML message. -->
<maxNodes>524288</maxNodes>
<!-- maximum node depth of each XML message. -->
<maxDepth>1000</maxDepth>
</doc>
</xml>
<http>
<!-- Num of max proxy connections -->
<!-- PR 604415: Temporary lower the connections limit to 128 -->
<maxConnections> 128 </maxConnections>
</http>
</vmacore>
</config>
Any update after opening the ports on the firewall? The proxy file looks OK.
I think you can also try the nc command to check if the service is listening on the ports.
Testing the vmkernel network performance using the nc command (2052119) | VMware KB
Ooops.
I meant I am wondering (not working) if firewall ports need to be open.
Is there a firewall on ESXi 6.5?
Thanks
I ran the nc command
====================================
[root@localhost:~] nc -v -v -l -n 8080 > /dev/null
nc: Address already in use
[root@localhost:~] nc -v -v -l -n 8043 > /dev/null
====================================
It hangs on the second command.
As mentioned before, it gets an ERR_CONNECTION_TIMED_OUT error for both.
Thanks
Firewall ports are listed here - /etc/vmware/firewall/service.xml
Check this KB for more info how to update it:
Hi
In the file /etc/vmware/firewall/service.xml
I changed the 80 and 443 values into 8080 and 8043.
And then I ran the following commands
===========================================
[root@localhost:~] esxcli network firewall refresh
Connect to localhost failed: Connection failure.
[root@localhost:~] /etc/init.d/rhttpproxy restart
watchdog-rhttpproxy: PID file /var/run/vmware/watchdog-rhttpproxy.PID does not exist
watchdog-rhttpproxy: Unable to terminate watchdog: No running watchdog process for rhttpproxy
sh: you need to specify whom to kill
VMware HTTP reverse proxy started.
[root@localhost:~] nc -v -v -l -n 8043 > /dev/null
nc: Address already in use
[root@localhost:~] nc -v -v -l -n 8080 > /dev/null
nc: Address already in use
[root@localhost:~] esxcli network firewall ruleset list
Connect to localhost failed: Connection failure.
=============================================
The browser still returns ERR_CONNECTION_TIMED_OUT
Thanks
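The thread changes ports in two places, /etc/vmware/rhttpproxy/config.xml and /etc/vmware/firewall/service.xml, and a listener port the firewall does not allow shows up to the browser as a timeout. The following is an added example, not part of the original posts or VMware's tooling: it compares the proxy ports against the inbound TCP rules of enabled firewall services. Both XML samples are constructed, and the service/rule layout and service names in the firewall sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <proxy> node of rhttpproxy's config.xml, ports as in the thread.
PROXY_XML = """<config><proxy>
  <httpPort>8080</httpPort>
  <httpsPort>8043</httpsPort>
</proxy></config>"""

# Constructed sample. The service/rule layout and the service names are assumptions
# about /etc/vmware/firewall/service.xml, not copied from a real host.
FIREWALL_XML = """<ConfigRoot>
  <service id='0000'><id>exampleHttps</id>
    <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port>8043</port></rule>
    <enabled>true</enabled></service>
  <service id='0001'><id>exampleHttpDisabled</id>
    <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port><begin>8000</begin><end>8100</end></port></rule>
    <enabled>false</enabled></service>
</ConfigRoot>"""

def text(node, tag):
    return (node.findtext(tag) or "").strip()

def proxy_ports(config_xml):
    """Ports rhttpproxy binds to, keyed by element name."""
    proxy = ET.fromstring(config_xml).find("proxy")
    return {tag: int(text(proxy, tag)) for tag in ("httpPort", "httpsPort")}

def allowed_inbound_tcp(firewall_xml):
    """(low, high) ranges opened by enabled inbound TCP destination-port rules."""
    ranges = []
    for svc in ET.fromstring(firewall_xml).iter("service"):
        if text(svc, "enabled") != "true":
            continue  # a rule in a disabled service opens nothing
        for rule in svc.iter("rule"):
            port = rule.find("port")
            if (port is None or text(rule, "direction") != "inbound"
                    or text(rule, "protocol") != "tcp" or text(rule, "porttype") != "dst"):
                continue
            if port.find("begin") is not None:  # range form
                ranges.append((int(text(port, "begin")), int(text(port, "end"))))
            else:  # single-port form
                ranges.append((int(port.text), int(port.text)))
    return ranges

def blocked_listeners(config_xml, firewall_xml):
    """Proxy ports with no matching allow rule: a browser would time out on these."""
    ranges = allowed_inbound_tcp(firewall_xml)
    return {tag: p for tag, p in proxy_ports(config_xml).items()
            if not any(lo <= p <= hi for lo, hi in ranges)}

if __name__ == "__main__":
    print(blocked_listeners(PROXY_XML, FIREWALL_XML))
```

On a host, the two strings would be replaced by the contents of the real files; the `enabled` element is treated here as the effective state, which is also an assumption.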