Support Questions

teo123 · ‎04-30-2025

Hello,

I need to enable the HSTS header for Cloudera Management Services - Host Monitor Service and Service Monitor Service.

Whilst I managed to do this for all the other services in the cluster using CORE_SETTINGS -> via HTTP Strict Transport Security parameter, this doesn't seem to be applied to Host Monitor Service and Service Monitor Instance from Cloudera Management Services . Is there a way to enable this?

I am running a cloudera manager 7.13.1 with a cloudera runtime 7.3.1.

Thank you so much!

upadhyayk04 · ‎04-30-2025

Hello @teo123

Thanks to you for reaching out to the Cloudera community

I understand that you are looking for disabling HSTS on Host Monitor and Service Monitor. I assume that you are looking for ports 8086 and 8091

Kindly note that, the Port 8086 and 8091 are the debug ports of HMON and SMON which is used for the purpose of troubleshooting.

The same can be disabled by setting the value of port to -1 .
This debug port should not be enabled unless there is some troubleshooting going on in the corresponding service with help of cloudera support. Feel free to disable the ports by setting the values to -1 and restarting Cloudera management services so that tool doesn't detect the port and so on and forth.

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

View solution in original post

DianaTorres · ‎04-30-2025

@teo123 Welcome to the Cloudera Community!

To help you get the best possible solution, I have tagged our Cloudera Manager experts @soychago @Rajat_710 who may be able to assist you further.

Please keep us updated on your post, and we hope you find a satisfactory solution to your query.

Regards,

Diana Torres,
Senior Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

upadhyayk04 · ‎04-30-2025

Hello @teo123

Thanks to you for reaching out to the Cloudera community

I understand that you are looking for disabling HSTS on Host Monitor and Service Monitor. I assume that you are looking for ports 8086 and 8091

Kindly note that, the Port 8086 and 8091 are the debug ports of HMON and SMON which is used for the purpose of troubleshooting.

The same can be disabled by setting the value of port to -1 .
This debug port should not be enabled unless there is some troubleshooting going on in the corresponding service with help of cloudera support. Feel free to disable the ports by setting the values to -1 and restarting Cloudera management services so that tool doesn't detect the port and so on and forth.

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

teo123 · ‎04-30-2025

Hello,

Thank you for your answer!

I need to ENABLE HSTS header on all ports in the cluster which are exposed via HTTPS.
But if I understand it correcly, I can safely disable the debug interface. I can’t enable HSTS on the Service and Host Monitoring services, right?

Thank you so much! All the best!

upadhyayk04 · ‎05-01-2025

Hello @teo123

Yes, your understanding is correct

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Support Questions

Enable HSTS header for Cloudera Management Services (Host Monitor Service and Service Monitor Service)