11 Replies Latest reply on Oct 19, 2017 12:59 AM by jkim711

    Change ESXi's SSH and web port

    jkim711 Novice

      Hi

       

      We are using the ESXi without VCenter.

      How can I change ESXi's SSH and web port?

       

      Based on the link below, it seems like VCenter is needed to do this.

      View Port Settings

       

      Thanks

      Jae Kim

        • 1. Re: Change ESXi's SSH and web port
          hussainbte Expert
          vExpert

          For SSH port check the article:

           

          Change Port 22 SSH on ESXi 6.5

           

          For Web port: port used by vSphere client to access ESXi host:

           

          http://kb.vmware.com/kb/1021199

          • 2. Re: Change ESXi's SSH and web port
            jkim711 Novice

            We installed VMware-vSphere-CLI-6.0.0-2503617.exe

            And we executed D:\Program Files (x86)\VMware\VMware vSphere CLI\bin\vifs.pl .

            But it said /host/proxy.xml file or directory does not exist.

            Maybe the directory and file changed for ESXi 6.5.

            • 3. Re: Change ESXi's SSH and web port
              jkim711 Novice

              Esxi 5.1 Changing default port 80 and 443

               

              As stated in the link above, we also have access to the SSH.

              We tried browsing through the file system to find a relevant file for changing the web port, but we couldn't find any.

               

              Thanks

              Jae Kim

              • 4. Re: Change ESXi's SSH and web port
                estanev Enthusiast

                Change the proxy settings in:

                 

                /etc/vmware/rhttpproxy/config.xml

                 

                and restart rhttpproxy service:

                 

                /etc/init.d/rhttpproxy restart

                • 5. Re: Change ESXi's SSH and web port
                  hussainbte Expert
                  vExpert

                  I believe estanev is referring to

                   

                  <!-- HTTP port to be used by the reverse proxy -->

                  <httpPort>80</httpPort>

                   

                  <!-- HTTPS port to be used by the reverse proxy -->

                  <httpsPort>443</httpsPort>

                   

                  in the proxy file

                  • 6. Re: Change ESXi's SSH and web port
                    jkim711 Novice

                    I changed the http and https numbers to 8080 and 8043. And then I restarted it.

                    But the browser can't connect to the new port number. I checked if the old port is still being used, but the browser can't connect to the old port.

                    I am working if firewall ports needs to be opened.

                    Here is the config.xml

                     

                    <!--  RhttpProxy configuration file for ESX/ESXi -->

                     

                     

                    <config>

                       <!-- the version of this config file -->

                       <version>5.5.0.0</version>

                     

                     

                       <!-- working directory  -->

                       <workingDir>/var/log/vmware/</workingDir>

                     

                     

                       <!-- location to examine for configuration files that are needed -->

                       <defaultConfigPath> /etc/vmware/ </defaultConfigPath>

                     

                     

                       <log>

                          <!-- controls where rolling log files are stored -->

                          <directory>/var/log/vmware/</directory>

                     

                     

                          <!-- name of log file -->

                          <name>rhttpproxy</name>

                     

                     

                          <!-- controls whether logger sends its output to console also -->

                          <outputToConsole>false</outputToConsole>

                     

                     

                          <!-- If true, log to files on disk -->

                          <outputToFiles>false</outputToFiles>

                     

                     

                          <!-- default size(in bytes) of each log file before rolling over to next -->

                          <maxFileSize>524288</maxFileSize>

                     

                     

                          <!-- default number of log files to rotate amongst -->

                          <maxFileNum>8</maxFileNum>

                     

                     

                          <!-- default log level -->

                          <level>verbose</level>

                     

                     

                          <!-- If true, logs to syslog -->

                          <outputToSyslog>true</outputToSyslog>

                     

                     

                          <!-- syslog configuration.  Only used if outputToSyslog is true. -->

                          <syslog>

                             <!-- syslog identifier to use when logging -->

                             <ident>Rhttpproxy</ident>

                     

                     

                             <!-- syslog facility to use when logging -->

                             <facility>local4</facility>

                     

                     

                             <!-- The section header contents are placed in this file at startup.

                                  When vmsyslogd rotates the hostd log file, it logs the content of this

                                  file to syslog. This is being done so that we don't lose context on log

                                  rotations.

                                  IMPORTANT: Value needs to match that in onrotate entry in

                                  vmsyslog.d/hostd.conf

                             -->

                             <logHeaderFile>/var/run/vmware/rhttpproxyLogHeader.txt</logHeaderFile>

                          </syslog>

                       </log>

                     

                     

                       <proxy>

                          <!-- default location of the proxy config file -->

                          <endpoints>/etc/vmware/rhttpproxy/endpoints.conf</endpoints>

                     

                     

                          <!-- HTTP port to be used by the reverse proxy -->

                          <httpPort>8080</httpPort>

                     

                     

                          <!-- HTTPS port to be used by the reverse proxy -->

                          <httpsPort>8043</httpsPort>

                       </proxy>

                     

                     

                       <!-- Remove the following node to disable SSL -->

                       <ssl>

                          <!-- The server private key file -->

                          <privateKey>/etc/vmware/ssl/rui.key</privateKey>

                     

                     

                          <!-- The server side certificate file -->

                          <certificate>/etc/vmware/ssl/rui.crt</certificate>

                     

                     

                          <!-- Client-side CAFile verify location -->

                          <keyStoreFile>/etc/vmware/ssl/castore.pem</keyStoreFile>

                       </ssl>

                     

                     

                       <vmacore>

                          <pluginBaseDir>/lib/</pluginBaseDir>

                          <!-- default thread pool configuration for Posix impl -->

                          <threadPool>

                            <IoMin>2</IoMin>

                            <IoMax>44</IoMax>

                            <TaskMin>2</TaskMin>

                            <TaskMax>18</TaskMax>

                            <!-- Do not set MaxFdsPerThread if hostdMinFds is set above -->

                            <!-- MaxFdsPerThread> 2048 </MaxFdsPerThread -->

                            <NumKeepAlive>8</NumKeepAlive>

                            <ThreadCheckTimeSecs>600</ThreadCheckTimeSecs>

                            <ThreadStackSizeKb>256</ThreadStackSizeKb>

                            <threadNamePrefix>rhttpproxy</threadNamePrefix>

                          </threadPool>

                     

                     

                          <rootPasswdExpiration>false</rootPasswdExpiration>

                     

                     

                          <ssl>

                              <doVersionCheck> false </doVersionCheck>

                              <!-- allowed SSL/TLS protocol versions -->

                              <!-- <protocols>tls1.0,tls1.1,tls1.2</protocols> -->

                              <libraryPath>/lib/</libraryPath>

                          </ssl>

                     

                     

                          <!-- enable plugin loading -->

                          <loadPlugins> false </loadPlugins>

                     

                     

                          <!-- enable/disable the dynamic loading of plugins -->

                          <loadDynamicPlugins> false </loadDynamicPlugins>

                     

                     

                          <!-- Enable/disable the stack tracer -->

                          <!-- <useStackTracer>false</useStackTracer> -->

                     

                     

                          <xml>

                             <doc>

                                <!-- maximum size of each XML message. -->

                                <maxChars>62914560</maxChars>

                                <!-- maximum nodes in of each XML message. -->

                                <maxNodes>524288</maxNodes>

                                <!-- maximum node depth of each XML message. -->

                                <maxDepth>1000</maxDepth>

                             </doc>

                          </xml>

                     

                     

                          <http>

                             <!-- Num of max proxy connections -->

                             <!-- PR 604415: Temporary lower the connections limit to 128 -->

                             <maxConnections> 128 </maxConnections>

                          </http>

                       </vmacore>

                    </config>

                    • 7. Re: Change ESXi's SSH and web port
                      hussainbte Expert
                      vExpert

                      Any update after opening the ports on the firewall? The proxy file looks OK.

                       

                      I think you can also try the nc command to check if the service is listening on the ports.

                       

                      Testing the vmkernel network performance using the nc command (2052119) | VMware KB

                      • 8. Re: Change ESXi's SSH and web port
                        jkim711 Novice

                        Ooops.

                        I meant I am wondering (not working) if firewall ports need to be open.

                        Is there a firewall on ESXi 6.5?

                         

                        Thanks

                        • 9. Re: Change ESXi's SSH and web port
                          jkim711 Novice

                          I ran the nc command

                           

                          ====================================

                          [root@localhost:~] nc -v -v -l -n 8080 > /dev/null

                          nc: Address already in use

                          [root@localhost:~] nc -v -v -l -n 8043 > /dev/null

                           

                          ====================================

                           

                          It hangs on the second command.

                           

                          As mentioned before, it gets an ERR_CONNECTION_TIMED_OUT error for both

                          http://70.60.18.151:8043/

                          http://70.60.18.151:8080/

                           

                          Thanks

                          • 10. Re: Change ESXi's SSH and web port
                            estanev Enthusiast

                            Firewall ports are listed here - /etc/vmware/firewall/service.xml

                             

                            Check this KB for more info on how to update it:

                             

                            https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2008226
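
A check that ties together the two files named in this thread, added here as an example and not posted by any participant: it reads the ports from rhttpproxy's config.xml and reports those that no enabled inbound TCP rule in the firewall service.xml covers. The XML samples are constructed, the service names are hypothetical, and the service.xml element layout is an assumption to verify against the host's own file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <proxy> node of config.xml with the ports from the thread.
PROXY_XML = """<config><proxy>
  <httpPort>8080</httpPort>
  <httpsPort>8043</httpsPort>
</proxy></config>"""

# Constructed firewall sample; names are hypothetical and the layout is an assumption.
FIREWALL_XML = """<ConfigRoot>
  <service id='0000'><id>exampleHttp</id>
    <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port>80</port></rule>
    <enabled>true</enabled></service>
  <service id='0001'><id>exampleProxy</id>
    <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port><begin>8040</begin><end>8049</end></port></rule>
    <enabled>true</enabled></service>
</ConfigRoot>"""

def proxy_ports(xml_text):
    """Return the listener ports rhttpproxy is configured to bind."""
    proxy = ET.fromstring(xml_text).find("proxy")
    return {tag: int(proxy.findtext(tag)) for tag in ("httpPort", "httpsPort")}

def inbound_tcp_ranges(xml_text):
    """Return (low, high) port ranges allowed by enabled inbound TCP rules."""
    ranges = []
    for svc in ET.fromstring(xml_text).iter("service"):
        if (svc.findtext("enabled") or "").strip() != "true":
            continue
        for rule in svc.iter("rule"):
            kind = [(rule.findtext(t) or "").strip() for t in ("direction", "protocol")]
            if kind != ["inbound", "tcp"]:
                continue
            port = rule.find("port")
            if port.find("begin") is not None:  # range form
                ranges.append((int(port.findtext("begin")), int(port.findtext("end"))))
            else:  # single-port form
                ranges.append((int(port.text), int(port.text)))
    return ranges

def blocked_ports(proxy_xml, firewall_xml):
    """Proxy ports that no enabled inbound TCP rule covers."""
    ranges = inbound_tcp_ranges(firewall_xml)
    return {tag: p for tag, p in proxy_ports(proxy_xml).items()
            if not any(lo <= p <= hi for lo, hi in ranges)}

if __name__ == "__main__":
    print(blocked_ports(PROXY_XML, FIREWALL_XML))
```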

                            • 11. Re: Change ESXi's SSH and web port
                              jkim711 Novice

                              Hi

                               

                              In the file /etc/vmware/firewall/service.xml

                              I changed the 80 and 443 values into 8080 and 8043.

                               

                              And then I ran the following commands

                              ===========================================

                              [root@localhost:~] esxcli network firewall refresh

                              Connect to localhost failed: Connection failure.

                              [root@localhost:~] /etc/init.d/rhttpproxy restart

                              watchdog-rhttpproxy: PID file /var/run/vmware/watchdog-rhttpproxy.PID does not exist

                              watchdog-rhttpproxy: Unable to terminate watchdog: No running watchdog process for rhttpproxy

                              sh: you need to specify whom to kill

                              VMware HTTP reverse proxy started.

                              [root@localhost:~] nc -v -v -l -n 8043 > /dev/null

                              nc: Address already in use

                              [root@localhost:~] nc -v -v -l -n 8080 > /dev/null

                              nc: Address already in use

                              [root@localhost:~] esxcli network firewall ruleset list

                              Connect to localhost failed: Connection failure.

                              =============================================

                               

                              The browser still returns ERR_CONNECTION_TIMED_OUT

                               

                              Thanks