Forum Discussion
NimbostratusChanging Default GUI HTTPS port
Hi All,
I'm pretty new to the world of F5's but have been recently tasked with running with a proof of concept for a new project we've got running. One of the idealistic requirements i've been tasked to look at is changing the default HTTPS port for the GUI.
I've been looking around the documentation but haven't as yet tracked anything down. Is it possible to change the default port the management interface listens on & if so is there any documentation available that can point me to the correct way to achieve it?
Thanks
Lee.
1 Reply
- Kevin_Stewart
Employee
You can manually edit the /var/run/config/httpd.conf.d/ssl.conf file to change the management GUI's port, but that will usually be reset on config reload and reboots. Otherwise there are no settings in TMSH to change the management GUI's port.
There is one other approach that may work though.
-
Create a VIP on the desired port, apply client and server SSL profiles, and this iRule:
when CLIENT_ACCEPTED { node 127.0.0.1 443 } -
In tmsh remove allow access to httpd from anything other than localhost:
tmsh modify sys httpd allow replace-all-with { 127.0.0.1 }
Direct access to the management IP and default port will be denied/forbidden. If you ever break the VIP and/or lose access to the management GUI through this VIP, simply unlock the httpd allow:
tmsh modify sys httpd allow replace-all-with { all } -
