[elastic-agent] Discuss: Default port for fleet-server when no port defined

[ruflin]

The default port for fleet-server is 8220. When enrolling an Elastic Agent with --url=http://localhost the port 8220 is picked by default. The same is the case if https is used. On Cloud, fleet-server is exposed on 443/9243. If in the UI or during enrollment, if not port is specified it does not work by default.

I want to discuss if this is the expected behaviour or if we should default to 80/443 if no port is specified.

[elasticmachine]

Pinging @elastic/agent (Team:Agent)

[ruflin]

@nchaulet Stumbled over this when testing Kibana without a port specified @simitt What is apm-server doing here?

[simitt]

No sure what you mean - the APM Server defaults to 8200 if no port is specified.

[nchaulet]

I the agent is doing the same for ES and Kibana (if you do not specify port it's going to use 5601 as default)

I agree it's confusing, and the port should probably be the default for the protocol 80 or 443. @blakerouse do you think it's something we can change agent side?

Otherwise we probably need to have a fix in Kibana to always explicitly add the port to the agent policy too.

[ruflin]

@simitt What about apm agents. If I just spin up an APM Agent and point it to localhost, will it pick 8200 or 80? I think this is the scenario we have here.

I think we should do both:

• By default point to 80 / 443
• Always add the port by default in Kibana

[ruflin]

I also filed https://github.com/elastic/kibana/issues/98869 which would help to better bubble up this issue.

[simitt]

What about apm agents.

The port needs to be specified in the APM_SERVER_URL when configuring the APM agents; if no URL is configured they send data to http://localhost:8200 by default.

Thanks for opening https://github.com/elastic/kibana/issues/98869. IMO it shouldn't matter which default port the Fleet Server listens to. The URL presented to users via Kibana UI or Cloud UI should always contain the fully qualified URL including the port. For cases where there is a proxy in between, the default port is not even exposed to users.

[ruflin]

@simitt If not url is specified, I understand it is http://localhost:8200. But what if http://localhost or https://localhost is set? If I remember correctly it will default to 80 / 443 and that is what I think should the elastic agent do too.

[ruflin]

@ph @urso @jen-huang I think we should change the default port used (if not port is specified) for fleet-server now to 80/443 as if we do it later, it is a breaking change. Thoughts?

[urso]

I think we should change the default port used (if not port is specified) for fleet-server now to 80/443 as if we do it later, it is a breaking change. Thoughts?

+1 on using default HTTP ports. We still can do breaking changes to fleet-server.

[jen-huang]

Another similar issue elastic/beats#25669 came up where agent defaults to 5601 for Kibana port when there isn't one defined.

On Kibana side we also had to do a fix to always expose Elasticsearch port too https://github.com/elastic/kibana/pull/99240 as agent will default to 9200.

Can we get rid of these default ports altogether?

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)