Customize proxy port ranges

By default, Consul chooses the ports that its proxies use from the sparsely used block of 10001 to 10800.

You can change these ports, but note the following:

  • You must uninstall and reinstall apigee-mtls with the new values.
  • Consul proxies cannot listen on the same ports as Apigee Services.
  • Consul has only one port address space. This means that if proxy A on host A listens on port 15000, then proxy B on host B cannot listen on port 15000.
  • Be sure that you review Apigee port requirements to ensure no collisions occur.

You can customize the ports that are used by the proxies to suit your particular configuration.

Generating a report on port usage

When customizing proxy port ranges, it may be useful to generate a report on the current port assignments. To do so, enter the following command:

apigee-service apigee-mtls report -f silent.conf > port_report.json

This generates a JSON file named port_report.json that contains information about current port usage for each host. You can name the file whatever you wish.

Report structure

Below is a sample showing the structure of the generated report.

{
    "192.168.1.1": {
          "datacenter_member": "dc-1",
     "daemons": {
         "zookeeper-ingress": {
            "ingress": true,
            "name": "zk-2888-192-168-1-1",
            "listeners": [
                {
                   "purpose": "terminate service mesh for zk port 2888",
                   "ip_address": "192.168.1.1",
                   "port": 10001,
                }
            ]
         },
         "consul-server": {
             .
             .
             .
         }
     }
    },
    "192.168.1.2": { }
     .
     .
     .
}

In the example above, the host "zk-2888-192-168-1-1" is assigned port 10001.

Customizing ports used by Apigess mTLS

To customize the ports used by Apigee mTLS:

  1. Uninstall apigee-mtls if it is already installed, as shown below:
    /opt/apigee/apigee-service/bin/apigee-service apigee-mtls uninstall

    For more information, see Uninstall Apigee mTLS.

  2. On each node, open the silent configuration file. For more general information about this file, see Creating a configuration file.

    If you wish, you can run the command shown in Generating a report on port usage before the apigee-mtls setup is complete, to see what your silent configuration file will generate.

  3. Add or change the values of the properties that set the ports.

    The following table lists the ports and provides the names of the properties that you use to customize the ports used by components with Apigee mTLS:

    Node Default Range Description
    Apigee mTLS 10700 to 10799 Each host with an apigee-mtls installation requires a single port in the specified range.

    You define the port by setting the minimum and maximum port number to the same value with the following properties:

    SMI_PROXY_MINIMUM_EGRESS_PROXY_PORT
    SMI_PROXY_MAXIMUM_EGRESS_PROXY_PORT
    Cassandra 10100 to 10199 Each host with an apigee-cassandra installation requires two ports in the specified range.

    You define a custom range by setting the minimum and maximum port numbers with the following properties:

    SMI_PROXY_MINIMUM_CASSANDRA_PROXY_PORT
    SMI_PROXY_MAXIMUM_CASSANDRA_PROXY_PORT
    Message Processor 10500 to 10599 Each host with an apigee-message-processor installation requires two ports in the specified range.

    You define a custom range by setting the minimum and maximum port numbers with the following properties:

    SMI_PROXY_MINIMUM_MESSAGEPROCESSOR_PROXY_PORT
    SMI_PROXY_MAXIMUM_MESSAGEPROCESSOR_PROXY_PORT
    OpenLDAP 10200 to 10299 Each host with an apigee-ldap installation requires one port in the specified range.

    You define the port by setting the minimum and maximum port number to the same value with the following properties:

    SMI_PROXY_MINIMUM_LDAP_PROXY_PORT
    SMI_PROXY_MAXIMUM_LDAP_PROXY_PORT
    Postgres 10300 to 10399 Each host with an apigee-postgres installation requires three ports in the specified range.

    You define a custom range by setting the minimum and maximum port numbers with the following properties:

    SMI_PROXY_MINIMUM_POSTGRES_PROXY_PORT
    SMI_PROXY_MAXIMUM_POSTGRES_PROXY_PORT
    QPid 10400 to 10499 Each host with an apigee-qpid installation requires two ports in the specified range.

    You define a custom range by setting the minimum and maximum port numbers with the following properties:

    SMI_PROXY_MINIMUM_QPID_PROXY_PORT
    SMI_PROXY_MAXIMUM_QPID_PROXY_PORT
    Router 10600 to 10699 Each host with an apigee-router installation requires two ports in the specified range.

    You define a custom range by setting the minimum and maximum port numbers with the following properties:

    RT_PROXY_PORT_MIN
    RT_PROXY_PORT_MAX
    ZooKeeper 10001 to 10099 Each host with an apigee-zookeeper installation requires three ports in the specified range.

    You define a custom range by setting the minimum and maximum port numbers with the following properties:

    SMI_PROXY_MINIMUM_ZOOKEEPER_PROXY_PORT
    SMI_PROXY_MAXIMUM_ZOOKEEPER_PROXY_PORT

    The following example defines custom values for the Cassandra ports:

        SMI_PROXY_MINIMUM_CASSANDRA_PROXY_PORT=10142
        SMI_PROXY_MAXIMUM_CASSANDRA_PROXY_PORT=10143
  4. Save the configuration file.
  5. Install apigee-mtls as described in Install Apigee mTLS.
  6. Configure the apigee-mtls component by using the following command:
    /opt/apigee/apigee-service/bin/apigee-service apigee-mtls setup -f config_file
  7. Repeat these steps for each node in your cluster so that all configuration files are the same across all nodes.