Tentacle communication modes

Octopus and Tentacles can be configured to communicate in two different ways depending on your network setup. The mode you are using will change the installation process slightly.

In listening mode, Tentacle will listen on a TCP port (10933 by default). When a package needs to be deployed, Octopus connects to the Tentacle service on that port.

In listening mode Tentacle is the TCP server, and Octopus is the TCP client.

Octopus to Listening Tentacle communication

When choosing a communication mode, we recommend Listening mode when possible.

Listening mode uses the least resources (listening on a TCP port is cheaper than actively trying to connect to one). It also gives you the most control (you can use rules in your firewall to limit which IP addresses can connect to the port). Octopus and Tentacle use SSL when communicating, and Tentacle will outright reject connections that aren’t from an Octopus Server that it trusts, identified by an X.509 certificate public key that you provide during setup.

To install and configure Tentacles in listening mode, see either:

Polling Tentacles

In polling mode, Tentacle will poll the Octopus Server periodically, connecting over a TCP port (10943 by default) to check if there are any tasks for it to perform. Polling mode is the opposite of Listening mode.

For self-hosted, the port Octopus Server uses can be changed from the command line using the --commsListenPort option. For Octopus Cloud, port 443 can be specified when registering the Tentacle with the command line --server-comms-address option.

In polling mode, Octopus is the TCP server, and Tentacle is the TCP client.

Polling Tentacle to Octopus communication

The advantage to Polling mode is that you don’t need to make any firewall changes on the Tentacle side; you only need to allow access to a port on the Octopus Server. The disadvantage is that it also uses more resources on the Tentacle side, since Tentacle needs to poll periodically even if there aren’t any jobs for it to perform.

Polling mode is good for scenarios that involve Tentacles being behind NAT or a dynamic IP address. A good example might be servers at branch offices or a chain of retail stores, where the IP address of each server running Tentacle changes.

To install and configure Tentacles in polling mode, see either:

SSL offloading is not supported

The communication protocol used by Octopus and Tentacle requires intact end-to-end TLS connection for message encryption, tamper-proofing, and authentication. For this reason SSL offloading is not supported.

Proxy servers supported for Tentacle communications

The communication protocol used by Octopus and Tentacle 3.4 and above supports proxies. Read more about configuring proxy servers for Tentacle communications in proxy support.

Help us continuously improve

Please let us know if you have any feedback about this page.

Send feedback

Page updated on Sunday, January 1, 2023