VMware Cloud Community
jkim711
Contributor

Change ESXi's SSH and web port

Hi

We are using ESXi without vCenter.

How can I change ESXi's SSH and web port?

Based on the link below, it seems like vCenter is needed to do this.

View Port Settings

Thanks

Jae Kim

Reply
0 Kudos
11 Replies
hussainbte
Expert

For SSH port check the article:

Change Port 22 SSH on ESXi 6.5

For Web port: port used by vSphere client to access ESXi host:

http://kb.vmware.com/kb/1021199

If you found my answers useful please consider marking them as Correct OR Helpful Regards, Hussain https://virtualcubes.wordpress.com/
Reply
0 Kudos
jkim711
Contributor

We installed VMware-vSphere-CLI-6.0.0-2503617.exe

And we executed D:\Program Files (x86)\VMware\VMware vSphere CLI\bin\vifs.pl .

But it said /host/proxy.xml file or directory does not exist.

Maybe the directory and file changed for ESXi 6.5.

Reply
0 Kudos
jkim711
Contributor

Esxi 5.1 Changing default port 80 and 443

As stated in the link above, we also have access to the SSH.

We tried browsing through the file system to find a relevant file for changing the web port, but we couldn't find any.

Thanks

Jae Kim

Reply
0 Kudos
estanev
Enthusiast

Change the proxy settings in:

/etc/vmware/rhttpproxy/config.xml

and restart rhttpproxy service:

/etc/init.d/rhttpproxy restart

Reply
0 Kudos
hussainbte
Expert

I believe estanev is referring to

      <!-- HTTP port to be used by the reverse proxy -->
      <httpPort>80</httpPort>
      <!-- HTTPS port to be used by the reverse proxy -->
      <httpsPort>443</httpsPort>

in the proxy file

Reply
0 Kudos
jkim711
Contributor

I changed the http and https number into 8080 and 8043. And then I restarted it.

But the browser can't connect to the new port number. I checked if the old port is still being used but the browser can't connect to the old port.

I am working if firewall ports needs to be opened.

Here is the config.xml

<!--  RhttpProxy configuration file for ESX/ESXi -->
<config>
   <!-- the version of this config file -->
   <version>5.5.0.0</version>
   <!-- working directory  -->
   <workingDir>/var/log/vmware/</workingDir>
   <!-- location to examine for configuration files that are needed -->
   <defaultConfigPath> /etc/vmware/ </defaultConfigPath>
   <log>
      <!-- controls where rolling log files are stored -->
      <directory>/var/log/vmware/</directory>
      <!-- name of log file -->
      <name>rhttpproxy</name>
      <!-- controls whether logger sends its output to console also -->
      <outputToConsole>false</outputToConsole>
      <!-- If true, log to files on disk -->
      <outputToFiles>false</outputToFiles>
      <!-- default size(in bytes) of each log file before rolling over to next -->
      <maxFileSize>524288</maxFileSize>
      <!-- default number of log files to rotate amongst -->
      <maxFileNum>8</maxFileNum>
      <!-- default log level -->
      <level>verbose</level>
      <!-- If true, logs to syslog -->
      <outputToSyslog>true</outputToSyslog>
      <!-- syslog configuration.  Only used if outputToSyslog is true. -->
      <syslog>
         <!-- syslog identifier to use when logging -->
         <ident>Rhttpproxy</ident>
         <!-- syslog facility to use when logging -->
         <facility>local4</facility>
         <!-- The section header contents are placed in this file at startup.
              When vmsyslogd rotates the hostd log file, it logs the content of this
              file to syslog. This is being done so that we don't lose context on log
              rotations.
              IMPORTANT: Value needs to match that in onrotate entry in
              vmsyslog.d/hostd.conf
         -->
         <logHeaderFile>/var/run/vmware/rhttpproxyLogHeader.txt</logHeaderFile>
      </syslog>
   </log>
   <proxy>
      <!-- default location of the proxy config file -->
      <endpoints>/etc/vmware/rhttpproxy/endpoints.conf</endpoints>
      <!-- HTTP port to be used by the reverse proxy -->
      <httpPort>8080</httpPort>
      <!-- HTTPS port to be used by the reverse proxy -->
      <httpsPort>8043</httpsPort>
   </proxy>
   <!-- Remove the following node to disable SSL -->
   <ssl>
      <!-- The server private key file -->
      <privateKey>/etc/vmware/ssl/rui.key</privateKey>
      <!-- The server side certificate file -->
      <certificate>/etc/vmware/ssl/rui.crt</certificate>
      <!-- Client-side CAFile verify location -->
      <keyStoreFile>/etc/vmware/ssl/castore.pem</keyStoreFile>
   </ssl>
   <vmacore>
      <pluginBaseDir>/lib/</pluginBaseDir>
      <!-- default thread pool configuration for Posix impl -->
      <threadPool>
        <IoMin>2</IoMin>
        <IoMax>44</IoMax>
        <TaskMin>2</TaskMin>
        <TaskMax>18</TaskMax>
        <!-- Do not set MaxFdsPerThread if hostdMinFds is set above -->
        <!-- MaxFdsPerThread> 2048 </MaxFdsPerThread -->
        <NumKeepAlive>8</NumKeepAlive>
        <ThreadCheckTimeSecs>600</ThreadCheckTimeSecs>
        <ThreadStackSizeKb>256</ThreadStackSizeKb>
        <threadNamePrefix>rhttpproxy</threadNamePrefix>
      </threadPool>
      <rootPasswdExpiration>false</rootPasswdExpiration>
      <ssl>
          <doVersionCheck> false </doVersionCheck>
          <!-- allowed SSL/TLS protocol versions -->
          <!-- <protocols>tls1.0,tls1.1,tls1.2</protocols> -->
          <libraryPath>/lib/</libraryPath>
      </ssl>
      <!-- enable plugin loading -->
      <loadPlugins> false </loadPlugins>
      <!-- enable/disable the dynamic loading of plugins -->
      <loadDynamicPlugins> false </loadDynamicPlugins>
      <!-- Enable/disable the stack tracer -->
      <!-- <useStackTracer>false</useStackTracer> -->
      <xml>
         <doc>
            <!-- maximum size of each XML message. -->
            <maxChars>62914560</maxChars>
            <!-- maximum nodes in of each XML message. -->
            <maxNodes>524288</maxNodes>
            <!-- maximum node depth of each XML message. -->
            <maxDepth>1000</maxDepth>
         </doc>
      </xml>
      <http>
         <!-- Num of max proxy connections -->
         <!-- PR 604415: Temporary lower the connections limit to 128 -->
         <maxConnections> 128 </maxConnections>
      </http>
   </vmacore>
</config>

Reply
0 Kudos
hussainbte
Expert

Any update after opening the ports on the firewall? The proxy file looks OK.

I think you can also try nc command to check if the service is listening on the ports.

Testing the vmkernel network performance using the nc command (2052119) | VMware KB

Reply
0 Kudos
jkim711
Contributor

Ooops.

I meant I am wondering (not working) if firewall ports needs to be open.

Is there firewall on ESXi 6.5?

Thanks

Reply
0 Kudos
jkim711
Contributor

I ran the nc command

====================================
[root@localhost:~] nc -v -v -l -n 8080 > /dev/null
nc: Address already in use
[root@localhost:~] nc -v -v -l -n 8043 > /dev/null
====================================

It hangs on the second command.

As mentioned before, it gets an ERR_CONNECTION_TIMED_OUT error for both

http://70.60.18.151:8043/

http://70.60.18.151:8080/

Thanks

Reply
0 Kudos
estanev
Enthusiast

Firewall ports are listed here - /etc/vmware/firewall/service.xml

Check this KB for more info how to update it:

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=20082...

Reply
0 Kudos
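
The symptom reported in this thread (nc says the port is already in use, yet the browser times out) is consistent with a listening proxy whose port has no enabled inbound firewall rule. As an added example, not part of the thread and not VMware's code, this Python cross-checks the ports in the rhttpproxy config.xml against the inbound TCP rules in a firewall service.xml. The sample XML is constructed, the `<service>`/`<rule>` layout is an assumption about service.xml, and the service ids are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples. Assumed: the <service>/<rule> layout of
# /etc/vmware/firewall/service.xml; the service ids are hypothetical.
SAMPLE_PROXY = """<config><proxy>
  <httpPort>8080</httpPort><httpsPort>8043</httpsPort>
</proxy></config>"""
SAMPLE_FIREWALL = """<ConfigRoot>
 <service id='0000'><id>webAccess</id><enabled>true</enabled>
  <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
   <porttype>dst</porttype><port>80</port></rule></service>
 <service id='0001'><id>altHttps</id><enabled>true</enabled>
  <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
   <porttype>dst</porttype><port><begin>8040</begin><end>8050</end></port>
  </rule></service>
 <service id='0002'><id>altHttp</id><enabled>false</enabled>
  <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
   <porttype>dst</porttype><port>8080</port></rule></service>
</ConfigRoot>"""

def proxy_ports(config_xml):
    """Return the ports rhttpproxy is configured to listen on."""
    proxy = ET.fromstring(config_xml).find("proxy")
    return {t: int(proxy.findtext(t)) for t in ("httpPort", "httpsPort")}

def inbound_tcp_rules(service_xml):
    """Yield (enabled, low, high) for every inbound TCP destination-port rule."""
    for svc in ET.fromstring(service_xml).iter("service"):
        enabled = (svc.findtext("enabled") or "").strip() == "true"
        for rule in svc.iter("rule"):
            kind = [(rule.findtext(t) or "").strip() for t in ("direction", "protocol", "porttype")]
            port = rule.find("port")
            if kind != ["inbound", "tcp", "dst"] or port is None:
                continue
            if port.find("begin") is not None:   # range given as <begin>/<end>
                yield enabled, int(port.findtext("begin")), int(port.findtext("end"))
            else:                                # single port number
                yield enabled, int(port.text), int(port.text)

def audit(config_xml, service_xml):
    """Map each proxy port to 'open', 'rule disabled' or 'no rule'."""
    rules = list(inbound_tcp_rules(service_xml))
    report = {}
    for name, port in proxy_ports(config_xml).items():
        hits = [enabled for enabled, lo, hi in rules if lo <= port <= hi]
        report[name] = "open" if any(hits) else "rule disabled" if hits else "no rule"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_PROXY, SAMPLE_FIREWALL))
```

On a host, pass the contents of /etc/vmware/rhttpproxy/config.xml and /etc/vmware/firewall/service.xml instead of the samples.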
jkim711
Contributor

Hi

In the file /etc/vmware/firewall/service.xml

I changed the 80 and 443 values into 8080 and 8043.

And then I ran the following commands

===========================================
[root@localhost:~] esxcli network firewall refresh
Connect to localhost failed: Connection failure.
[root@localhost:~] /etc/init.d/rhttpproxy restart
watchdog-rhttpproxy: PID file /var/run/vmware/watchdog-rhttpproxy.PID does not exist
watchdog-rhttpproxy: Unable to terminate watchdog: No running watchdog process for rhttpproxy
sh: you need to specify whom to kill
VMware HTTP reverse proxy started.
[root@localhost:~] nc -v -v -l -n 8043 > /dev/null
nc: Address already in use
[root@localhost:~] nc -v -v -l -n 8080 > /dev/null
nc: Address already in use
[root@localhost:~] esxcli network firewall ruleset list
Connect to localhost failed: Connection failure.
=============================================

The browser still returns ERR_CONNECTION_TIMED_OUT

Thanks

Reply
0 Kudos