Configure ActiveGate

Whenever you need to configure an ActiveGate setting (for example, proxy, port, or memory dumps), do this in the custom.properties file and then restart ActiveGate. The custom.properties file is located in the ActiveGate configuration directory.

The custom.properties file is preserved during ActiveGate upgrade; it's copied in its entirety from your existing installation to the new one.

Keep in mind that custom.properties takes precedence over config.properties. Therefore, if a setting occurs in both files, the value of the setting in the custom.properties file will take precedence. Also, command line settings (if any) take precedence over those stored in custom.properties.

The ActiveGate properties that you can configure are described in the following tables. These properties are applicable for both Environment ActiveGates and Cluster ActiveGates.

Section: [connectivity]

Property	Default value	Description
`dnsEntryPoint`	unset	Define the entry point for the ActiveGate (for example, `https://sg1.mydomain.com:9999`). Via this URL, the ActiveGate is accessed by Dynatrace OneAgent. If not set, an auto-detected endpoint will be used. This entry can be used if the ActiveGate is accessed via, for example, an external IP address or load balancer. Depending on your ActiveGate deployment, make sure you use the right prefix, `http` or `https`, otherwise your OneAgents won't be able to connect.

Section: [com.compuware.apm.webserver]

Property	Default value	Description
`port-ssl`	`9999`	The port where the ActiveGate listens for traffic from OneAgent—used for HTTPS connection.
`port`	unset	The port where the ActiveGate listens for traffic from OneAgent—used for HTTP connection. It is disabled by default. On Linux, a value > 1024 is recommended, to ensure no root privileges are required.
`ssl-protocols`	`TLSv1.2`	Supported SSL protocols. Can be one or a list of the following values: `TLSv1`, `TLSv1.1`, `TLSv1.2`
`excluded-ciphers`	unset	List of additionally excluded ciphers (ciphers are defined by a substring matching at least a part of the cipher name, for example `_DHE_`)
ActiveGate version 1.165+ `certificate-file`	unset	Path to `PKCS#12` file containing certificates to be used by ActiveGate web server. Please also see Configuration of custom SSL certificate on ActiveGate.
ActiveGate version 1.165+ `certificate-password`	unset	Password to open the certificate file.
ActiveGate version 1.165+ `certificate-alias`	unset	Friendly name of the certificate in the `PKCS#12` file.

Section: [http.client]

For details on proper use of [http.client] properties, see Setting up proxy for ActiveGate.

Property	Default value	Description
`proxy-server`	unset	Proxy server address
`proxy-port`	unset	Proxy port (numeric)
`proxy-scheme`	unset	Proxy scheme (`http` or `https`)
`proxy-user`	unset	Proxy user name (optional)
`proxy-password`	unset	Proxy password (optional). The password provided in the `proxy-password` property is obfuscated following ActiveGate restart and the obfuscated password is stored in the `proxy-password-encr` property.

Section: [http.client.external]

The Dynatrace Cloud Foundry and Kubernetes monitoring integrations require the scheme [http.client.external] to configure a proxy for communication with the respective API. You can also use this section to configure a proxy for a private synthetic monitor, however proxy authentication isn't supported for private browser monitors. Following configuration, don't forget to restart the ActiveGate service.

Property	Default value	Description
`proxy-server`	unset	Proxy server address
`proxy-port`	unset	Proxy port (numeric)
`proxy-scheme`	unset	Proxy scheme (`http` or `https`)
`proxy-user`	unset	Proxy user name (optional)
`proxy-password`	unset	Proxy password (optional). The password provided in the `proxy-password` property is obfuscated following ActiveGate restart and the obfuscated password is stored in the `proxy-password-encr` property.

If you're using self-signed certificates for communication to external APIs (for example, for the Dynatrace Cloud Foundry and Kubernetes APIs) you can either (Option 1) add the certificate to the truststore or (Option 2) disable the certificate validation in the custom.properties file.

Option 1: Add the self-signed certificate to the truststore

ActiveGate version 1.166, 1.167

Add the custom certificate to the trusted.jks file in the sub-directory <activegate-project-dir>/ssl/customkeys.

Please refer to keytool documentation for adding the certificate to a truststore file.

ActiveGate version 1.168+

Add the custom certificate to a custom truststore file (for example, mytrust.jks) in the sub-directory <activegate-project-dir>/ssl and add the following entries in the config/custom.properties file. The entry in the custom.properties file may look like this:

[collector]
trustedstore = mytrust.jks
# the following entries are optional
trustedstore-password = changeit
trustedstore-type = JKS

Please refer keytool documentation for adding the certificate to a truststore file.

Option 2: Disable certificate validation

Disabling certificate validation isn't recommended as it imposes security risks. However, if you still want to disable certificate validation for test environments, you need to disable hostname-verficiation and certificate-validation in the following properties.

Add the following set of parameters to the [http.client.external] scheme of your custom.properties file:

Property	Value	Description
`hostname-verification`	no	Disables the validation of the hostname against the name in the certificate.
`certificate-validation`	no	Disables certificate validation against certificates in the trusted keystore.

Section: [collector]

Property	Default value	Description
`MSGrouter`	`true`	ActiveGate enables routing of OneAgent and other ActiveGate traffic through Dynatrace.
ActiveGate version 1.159 or earlier `VMwareAgentEnabled`	Environment ActiveGate: `true`; Cluster ActiveGate: `true`	ActiveGate can be used to monitor VMware. The value of this property isn't respected by Environment ActiveGate, which can be used to monitor VMware.
ActiveGate version 1.159 or earlier `AWSAgentEnabled`	Environment ActiveGate: `false`; Cluster ActiveGate: `true`	Forces this ActiveGate to ignore dynatrace agent traffic. This setting is required to retrieve CloudTrail logs that are stored in AWS S3 buckets.
`LogDiskBufferPath`	`/tmp/diskbuffer`	Local path for log buffer. The property default may be different depending on the operating system.
`restInterface`	`true`	ActiveGate can be used to access the Dynatrace REST API. To use your ActiveGate to make API calls with this feature, the URL must follow this pattern: `https://<GATEWAY>/e/<ENVIRONMENT>/api/v1/time`
ActiveGate version 1.149 or earlier `enableHttpChecks`	`false`	HTTP Monitors in ActiveGate. For later releases, see ActiveGate configuration for HTTP monitors
`DumpSupported`	`false`	ActiveGate allows you to temporarily store memory dumps from OneAgent. Additional configuration in section [dump] is required.
ActiveGate version 1.169+ `trustedstore`	unset	Your trusted keystore (optional). The property `trustedstore` should contain the path to the file holding trusted certificates. That path should be relative to the ActiveGate SSL directory. Please also see Configuration of trusted root certificates on ActiveGate.
ActiveGate version 1.169+ `trustedstore-password`	changeit	Password of your trusted keystore (optional) which is encrypted during ActiveGate start. The obfuscated password is then stored in `trustedstore-password-encr`.
ActiveGate version 1.169+ `trustedstore-type`	JKS	Java default format of key and certificate databases (optional). The second supported format is `PKCS12`.

Section: [aws_monitoring]

ActiveGate version 1.161+

Property	Default value	Description
`aws_monitoring_enabled`	Environment ActiveGate: `false`; Cluster ActiveGate: `true`	Forces this ActiveGate to ignore Dynatrace OneAgent traffic. This setting is required to retrieve CloudTrail logs that are stored in AWS S3 buckets.

Section: [vmware_monitoring]

ActiveGate version 1.161+

Property	Default value	Description
`vmware_monitoring_enabled`	Environment ActiveGate: `true`; Cluster ActiveGate: `true`	ActiveGate can be used to monitor VMware. The value of this property isn't respected by Environment ActiveGate, which can be always used to monitor VMware.

Section: [synthetic]

ActiveGate version 1.151+

Property	Default value	Description
`enable_synthetic`	`false` in the Default deployment mode. `true` in the Synthetic monitoring deployment mode.	Enables this ActiveGate to execute synthetic monitors in private locations. Note that starting with ActiveGate version 1.159, changing this property to `true` works only if you earlier ran a clean installation of your ActiveGate and selected Synthetic monitoring as a deployment mode. If you installed the ActiveGate in the Default deployment mode and then set this proporty to `true`, you won't be able to use this ActiveGate for synthetic monitoring. In such case, you must reinstall the ActiveGate enabling the Synthetic monitoring deployment mode. For more information, see Installing synthetic-enabled ActiveGate

Section: [dump]

Property	Default value	Description
`dumpDir`	`dump`	Valid path of the storage directory used for dump storage
`maxSizeGb`	`100`	Storage quota in GBs. If full, the oldest dumps are overwritten until enough space is available to store a new dump.
`maxAgeDays`	`7`	Maximum age of a memory dump in days until the dump is automatically overwritten
`maxConcurrentUploads`	`5`	Maximum number of concurrent dump uploads from OneAgents
`downloadUrl`	unset	A custom download URL (for example, if ActiveGate is behind a load balancer or if ActiveGate only detected an IP address but the customer wishes to have a FQDN). The URL must contain the correct schema and port.