Changing the HTTPS connection port on ESXi 6.7

The following was tested only on ESXi 6.7; other versions are not guaranteed to work.

Modify the firewall

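Because vmkernel uses an in-memory file system, configuration, logs and patches are all kept in memory, so changes made directly to the firewall configuration file /etc/vmware/firewall/service.xml are lost when the system reboots. We therefore use a startup script that is loaded at boot to modify the firewall configuration.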

1. Create a new firewall configuration file

We keep the configuration on the ESXi datastore

cd /vmfs/volumes/datastore1

You will end up in a directory like the one below

[root@localhost:/vmfs/volumes/58db5900-c649bd50-8479-d4ae52d01b4e]

Create the new port configuration file

vi /vmfs/volumes/datastore1/new-HTTPS.xml
<ConfigRoot>
  <service>
    <id>new-HTTPS</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>8443</port>
    </rule>
    <rule id='0001'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'>8443</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>

2. Add it to the startup script

vi /etc/rc.local.d/local.sh

It must be added on the line immediately before exit 0

#Copy the new firewall rule from vmfs place holder to file system
cp /vmfs/volumes/datastore1/new-HTTPS.xml /etc/vmware/firewall/
#refresh firewall rules
esxcli network firewall refresh

Save the file; the change takes effect after a reboot.

If you do not want to reboot, run /etc/rc.local.d/local.sh manually.

Change the port

Log in over SSH and locate /etc/vmware/rhttpproxy/config.xml

Find:

      <!-- HTTP port to be used by the reverse proxy -->
      <httpPort>80</httpPort>

      <!-- HTTPS port to be used by the reverse proxy -->
      <httpsPort>443</httpsPort>

Modify it as follows and save.

      <!-- HTTP port to be used by the reverse proxy -->
      <httpPort>80</httpPort>

      <!-- HTTPS port to be used by the reverse proxy -->
      <httpsPort>8443</httpsPort>

Restart the service for the change to take effect:

/etc/init.d/rhttpproxy restart
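
The procedure above can fail in two ways that only show up later: the hook lines end up after exit 0 in local.sh, or the firewall rule opens a different port than the httpsPort given to rhttpproxy. The following is an added example, not part of the original article: POSIX sh helpers that insert the hook idempotently and compare the two ports. The function names are made up for illustration, and awk and sed are assumed to be available in the ESXi shell.

```shell
#!/bin/sh
# Added example (not from the article). File paths are parameters so the
# functions can first be tried on copies. Assumes awk, sed, grep and head.

# The two lines the article adds to /etc/rc.local.d/local.sh
HOOK_CP='cp /vmfs/volumes/datastore1/new-HTTPS.xml /etc/vmware/firewall/'
HOOK_REFRESH='esxcli network firewall refresh'

# Insert the hook before the first "exit 0" line; no-op if already present.
add_fw_hook() {
    script=$1
    grep -qF "$HOOK_CP" "$script" && return 0
    tmp="$script.tmp.$$"
    awk -v cp="$HOOK_CP" -v rf="$HOOK_REFRESH" '
        /^[ \t]*exit 0[ \t]*$/ && !ins { print cp; print rf; ins = 1 }
        { print }
        END { if (!ins) { print cp; print rf } }
    ' "$script" > "$tmp" && cat "$tmp" > "$script" && rm -f "$tmp"
}

# Print the port of the first inbound rule in a firewall service file.
fw_inbound_port() {
    awk '/<direction>inbound<\/direction>/ { inb = 1 }
         inb && /<port / { gsub(/<[^>]*>|[ \t]/, ""); print; exit }' "$1"
}

# Print the httpsPort configured for rhttpproxy.
proxy_https_port() {
    sed -n 's:.*<httpsPort>\([0-9]*\)</httpsPort>.*:\1:p' "$1" | head -n 1
}

# Succeed only when the firewall opens the port rhttpproxy will listen on.
ports_match() {
    fw=$(fw_inbound_port "$1"); px=$(proxy_https_port "$2")
    [ -n "$fw" ] && [ "$fw" = "$px" ]
}
```

On the host, run `add_fw_hook /etc/rc.local.d/local.sh`, then `ports_match /vmfs/volumes/datastore1/new-HTTPS.xml /etc/vmware/rhttpproxy/config.xml` before restarting rhttpproxy.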
