Octopus Deploy Documentation

Polling Tentacles over port 443

Last updated

Polling Tentacles usually communicate with Octopus Server over TCP port 10943. If your network configuration prevents outbound connections from your Tentacles on non-standard ports, you can configure Tentacle to use port 443 (HTTPS).

Note: Configuring polling tentacles over port 443 via HTTPS described here does not use WebSockets. For more information on that topic, see Polling Tentacles over WebSockets.

The procedure for configuring Polling Tentacles to use port 443 varies based upon your chosen method of hosting Octopus Server.

Octopus Cloud

The setup of a Polling Tentacle for an Octopus Cloud instance over port 443 is the same as a Polling Tentacle over port 10943, except when registering the Tentacle. Change the register-with and register-worker commands:

  • Omit the --server-comms-port parameter.
  • Specify the --server-comms-address <address> parameter.
    • The address to use is your Octopus Cloud instance URL prefixed with polling. (e.g. https://polling.<yoururl>.octopus.app).

Registering a new Tentacle

.\Tentacle register-with --instance MyInstance --server "https://<yoururl>.octopus.app" --server-comms-address "https://polling.<yoururl>.octopus.app" --comms-style TentacleActive --apiKey "API-YOURKEY" --environment "Test" --role "Web"

Changing an existing Tentacle

.\Tentacle service --instance MyInstance --stop
.\Tentacle configure --reset-trust
.\Tentacle register-with --instance MyInstance --server "https://<yoururl>.octopus.app" --server-comms-address "https://polling.<yoururl>.octopus.app" --comms-style TentacleActive --apiKey "API-YOURKEY" --environment "Test" --role "Web"
.\Tentacle service --instance MyInstance --start

Registering a new Worker

.\Tentacle register-worker --instance MyInstance --server "https://<yoururl>.octopus.app" --server-comms-address "https://polling.<yoururl>.octopus.app" --comms-style TentacleActive --apiKey "API-YOURKEY" --workerpool MyWorkerPool

Changing an existing Worker

.\Tentacle service --instance MyInstance --stop
.\Tentacle configure --reset-trust
.\Tentacle register-worker --instance MyInstance --server "https://<yoururl>.octopus.app" --server-comms-address "https://polling.<yoururl>.octopus.app" --comms-style TentacleActive --apiKey "API-YOURKEY" --workerpool MyWorkerPool
.\Tentacle service --instance MyInstance --start

Self-hosted

For self-hosted installations of Octopus Server, you will require additional network configuration and/or services to support the use of Polling Tentacles, Octopus Web Portal and REST API all over port 443.

A reverse proxy (e.g. NGINX) can be set up either on the machine or a machine/appliance that fronts it. The reverse proxy would inspect connections coming in on the same port and decide which backend port to forward them to.

The proxy could differentiate the connections based on:

  • Hostname (TLS SNI)
  • IP Address

This reverse proxy must pass-through all Tentacle traffic as SSL offloading is not supported.

For example, using TLS SNI you will require:

  • A new DNS record dedicated for Polling Tentacle traffic.
    • This will be used when registering your Workers and Tentacles (i.e. --server-comms-address https://<your-polling-url>)
  • A reverse proxy rule to redirect inbound traffic on port 443 on the new DNS record to port 10943 on your Octopus Server.

The setup of a Polling Tentacle for your self-hosted instance over port 443 is the same as a Polling Tentacle over port 10943, except when registering the Tentacle. Change the register-with and register-worker commands:

  • Omit the --server-comms-port parameter.
  • Specify the --server-comms-address <address> parameter.
    • The address to use is your new DNS record (e.g. https://<your-polling-url>/).

Learn more

For further reading on the installation and configuration of Tentacle:

Need support? We're here to help.