Configure ActiveGate

Whenever you need to configure an ActiveGate setting (for example, proxy, port, or memory dumps), do this in the custom.properties file and then restart ActiveGate. The custom.properties file is located in the ActiveGate configuration directory.

The custom.properties file is preserved during ActiveGate upgrade; it's copied in its entirety from your existing installation to the new one.

Keep in mind that custom.properties takes precedence over config.properties. Therefore, if a setting occurs in both files, the value of the setting in the custom.properties file will take precedence. Also, command line settings (if any) take precedence over those stored in custom.properties.

The ActiveGate properties that you can configure are described in the following tables. These properties are applicable for both Environment ActiveGates and Cluster ActiveGates.

Section: [connectivity]

Property Default value Description
dnsEntryPoint unset Define the entry point for the ActiveGate (for example, https://sg1.mydomain.com:9999). Via this URL, the ActiveGate is accessed by Dynatrace OneAgent. If not set, an auto-detected endpoint will be used. This entry can be used if the ActiveGate is accessed via, for example, an external IP address or load balancer. Depending on your ActiveGate deployment, make sure you use the right prefix, http or https, otherwise your OneAgents won't be able to connect.

Section: [com.compuware.apm.webserver]

Property Default value Description
port-ssl 9999 The port where the ActiveGate listens for traffic from
OneAgent—used for HTTPS connection.
port unset The port where the ActiveGate listens for traffic from
OneAgent—used for HTTP connection. It is disabled by default.
On Linux, a value > 1024 is recommended, to ensure no root
privileges are required.
ssl-protocols TLSv1.2 Supported SSL protocols. Can be one or a list of the following values:
TLSv1, TLSv1.1, TLSv1.2
excluded-ciphers unset List of additionally excluded ciphers (ciphers are defined by a substring
matching at least a part of the cipher name, for example _DHE_)
ActiveGate version 1.165+ certificate-file unset Path to PKCS#12 file containing certificates to be used by ActiveGate web server. Please also see Configuration of custom SSL certificate on ActiveGate.
ActiveGate version 1.165+ certificate-password unset Password to open the certificate file.
ActiveGate version 1.165+ certificate-alias unset Friendly name of the certificate in the PKCS#12 file.

Section: [http.client]

For details on proper use of [http.client] properties, see Setting up proxy for ActiveGate.

Property Default value Description
proxy-server unset Proxy server address
proxy-port unset Proxy port (numeric)
proxy-scheme unset Proxy scheme (http or https)
proxy-user unset Proxy user name (optional)
proxy-password unset Proxy password (optional).
The password provided in the proxy-password property
is obfuscated following ActiveGate restart and the obfuscated password
is stored in the proxy-password-encr property.

Section: [http.client.external]

The Dynatrace Cloud Foundry and Kubernetes monitoring integrations require the scheme [http.client.external] to configure a proxy for communication with the respective API. You can also use this section to configure a proxy for a private synthetic monitor, however proxy authentication isn't supported for private browser monitors. Following configuration, don't forget to restart the ActiveGate service.

Property Default value Description
proxy-server unset Proxy server address
proxy-port unset Proxy port (numeric)
proxy-scheme unset Proxy scheme (http or https)
proxy-user unset Proxy user name (optional)
proxy-password unset Proxy password (optional).
The password provided in the proxy-password property
is obfuscated following ActiveGate restart and the obfuscated password
is stored in the proxy-password-encr property.

If you're using self-signed certificates for communication to external APIs (for example, for the Dynatrace Cloud Foundry and Kubernetes APIs) you can either (Option 1) add the certificate to the truststore or (Option 2) disable the certificate validation in the custom.properties file.

Section: [collector]

Property Default value Description
MSGrouter true ActiveGate enables routing of OneAgent and other ActiveGate traffic through Dynatrace.
ActiveGate version 1.159 or earlier VMwareAgentEnabled Environment ActiveGate: true;
Cluster ActiveGate: true
ActiveGate can be used to monitor VMware. The value of this property isn't respected by Environment ActiveGate, which can be used to monitor VMware.
ActiveGate version 1.159 or earlier AWSAgentEnabled Environment ActiveGate: false;
Cluster ActiveGate: true
Forces this ActiveGate to ignore dynatrace agent traffic.
This setting is required to retrieve CloudTrail logs that are stored in AWS S3 buckets.
LogDiskBufferPath /tmp/diskbuffer Local path for log buffer.
The property default may be different depending on the operating system.
restInterface true ActiveGate can be used to access the Dynatrace REST API. To use your ActiveGate to make API calls with this feature, the URL must follow this pattern: https://<GATEWAY>/e/<ENVIRONMENT>/api/v1/time
ActiveGate version 1.149 or earlier enableHttpChecks false HTTP Monitors in ActiveGate. For later releases, see ActiveGate configuration for HTTP monitors
DumpSupported false ActiveGate allows you to temporarily store memory dumps from OneAgent. Additional configuration in section [dump] is required.
ActiveGate version 1.169+ trustedstore unset Your trusted keystore (optional). The property trustedstore should contain the path to the file holding trusted certificates. That path should be relative to the ActiveGate SSL directory. Please also see Configuration of trusted root certificates on ActiveGate.
ActiveGate version 1.169+ trustedstore-password changeit Password of your trusted keystore (optional) which is encrypted during ActiveGate start. The obfuscated password is then stored in trustedstore-password-encr.
ActiveGate version 1.169+ trustedstore-type JKS Java default format of key and certificate databases (optional). The second supported format is PKCS12.

Section: [aws_monitoring]

ActiveGate version 1.161+

Property Default value Description
aws_monitoring_enabled Environment ActiveGate: false;
Cluster ActiveGate: true
Forces this ActiveGate to ignore Dynatrace OneAgent traffic.
This setting is required to retrieve CloudTrail logs that are stored in AWS S3 buckets.

Section: [vmware_monitoring]

ActiveGate version 1.161+

Property Default value Description
vmware_monitoring_enabled Environment ActiveGate: true;
Cluster ActiveGate: true
ActiveGate can be used to monitor VMware. The value of this property isn't respected by Environment ActiveGate, which can be always used to monitor VMware.

Section: [synthetic]

ActiveGate version 1.151+

Property Default value Description
enable_synthetic false in the Default deployment mode. true in the Synthetic monitoring deployment mode. Enables this ActiveGate to execute synthetic monitors in private locations. Note that starting with ActiveGate version 1.159, changing this property to true works only if you earlier ran a clean installation of your ActiveGate and selected Synthetic monitoring as a deployment mode. If you installed the ActiveGate in the Default deployment mode and then set this proporty to true, you won't be able to use this ActiveGate for synthetic monitoring. In such case, you must reinstall the ActiveGate enabling the Synthetic monitoring deployment mode. For more information, see Installing synthetic-enabled ActiveGate

Section: [dump]

Property Default value Description
dumpDir dump Valid path of the storage directory used for dump storage
maxSizeGb 100 Storage quota in GBs. If full, the oldest dumps are overwritten until enough space is available to store a new dump.
maxAgeDays 7 Maximum age of a memory dump in days until the dump is automatically overwritten
maxConcurrentUploads 5 Maximum number of concurrent dump uploads from OneAgents
downloadUrl unset A custom download URL (for example, if ActiveGate is behind a load balancer or if ActiveGate only detected an IP address but the customer wishes to have a FQDN). The URL must contain the correct schema and port.