To register a new tentacle it is necessary to open port 80 or 443 for the REST-API. Is there a way to allow tentacle registration without also opening the WEB-GUI?
Can I switch off the GUI for an IP/binding or have them on different ports?
You can indeed register a tentacle without using the GUI or port 443/80, however it will not be a seamless process. You can install and configure a Tentacle via the command line, I have included some example configuration commands below (you will need to either replace or remove “Instance” as required, as well as provide the SERVER_THUMBPRINT):
Once those commands have been completed you can then use the API directly on your Octopus server with the Thumbprint of the Tentacle (which is the result of the last line).
Sorry if this isn’t the answer you are looking for, unfortunately any direct calls to your server via the API are via 443 or 80 so full automation isn’t possible without those ports.
Please let me know if you have any other questions we can assist with,
sorry for not being precise enough, but the tentacle registration process is not my problem. We are already using the script you attached.
My problem is that I want to be able to register new tentacles using the script but don’t want to open the GUI to everybody.
In other words: How can I set up my server that tentacle registration by script is possible but nobody can log in through the GUI? A possible solution would be to have separate ports for tentacle registration that would be exposed to the tentacle network and other ports for the GUI that would only be exposed to an internal admin network.
Just a quick update on this one. If you have a firewall that can filter on a per URL basis you could allow traffic that matches the API pattern http://octopus_server/api/* and disallow all other traffic as all of the GUI requests would conform to http://octopus_server/app#/*.
Please let me know if there is anything else we can help with!