Skip to main content
Version: 25.3.0

On-boarding using external HTTPS relays

The functionality described below can be used when an application protected by the Waratek Agent requires SSL configuration that conflicts with the configuration required by the Agent.

The implementation is based on a new feature called a ‘Relay’, which utilizes a separate java process, and therefore can be configured separately.

A relay can be configured for the following services:

  • agent to Portal communication
  • agent to Elasticsearch communication

Portal communication

The functionality for Portal communication is enabled using the following flag :

com.waratek.ControllerRelay=true

No extra changes are required to other flags, in particular other flags that specify the connectivity to the Portal do not need to change.

One optional parameters is also provided, for greater control of the relay:

com.waratek.ControllerRelayPort=<port>

The default value for this flag is 48080

Elasticsearch communication

Note : Elasticsearch communication is only supported in agents v22.2.0 or greater

The functionality for Elasticsearch communication is enabled using the following flag :

com.waratek.ElasticsearchRelay=true

One optional parameters is also provided, for greater control of the relay:

com.waratek.ElasticsearchRelayPort=<port>

The default value for this flag is 49200

Common settings

The settings below are common to both Portal and Elasticsearch communication:

com.waratek.ControllerRelayJavaPath=<path to java executable>

This flag can be used to specify an alternative location of Java executable. By default, the relay will use the same Java path as the application.

If the environment is utilizing custom trust store, the following flags are required :

com.waratek.trustStore=<path-to-truststore>
com.waratek.trustStorePassword=<password-for-truststore>

If the above flags are specified then the following flag will be ignored :

com.waratek.ControllerSSLCertificateValidation=false

So in summary, these settings are mutually exclusive, i.e. if the trust store is provided it will be used, and in this case the relay would never disable certificate validation.