News
Abstract
Using IBM Navigator for i in a Cloud environment requires ability to access using localhost and may have all insecure ports blocked. This document explains how you can configure your IBM i in the cloud for using IBM Navigator for i.
Content
You are in: IBM i Technology Updates > Navigator for i > Documentation on Functional Areas > Connection Properties > Navigator for i in the Cloud
Connection Properties topics:
- GUI Preferences
- TLS Override
- Localhost Override - Navigator for i in Cloud environment
- Authentication: Access Authorization
- TLS Connection
Navigator for i in a Cloud environment:
Verify these items are completed to run Navigator in a cloud environment:
1. Make sure fully qualified system/partition/node DNS name is in TCP/IP Host Table and TCP/IP Domain. This will used for the system name on the IBM Navigator dashboard. If this is not set, you will be connected to "localhost". We cannot use the request header system name for security reasons.
2. Prepare for ssh tunneling and using localhost (steps below).
3. Shut down all insecure ports (if needed).
Prepare for ssh tunneling and using localhost
The Localhost override will disable checks for requests coming from localhost. This allows navigator to work with port forwarding and tunneling.
When turned on, the localhost override will disable checks for requests coming from localhost. This allows Navigator to work in environments that use port forwarding and tunneling. Turn this on if you have trouble connecting to Navigator and have set up port forwarding or are in a cloud environment using ssh tunnel and localhost.
This can be done in two ways:
- On the GUI node set Configuration Properties (which requires ability to access IBM Navigator for i through the GUI so will not work for initial cloud configuration)
- Manually modify the preferences file to set localhostOverride to true - /qibm/userdata/os400/Navigator/preferences/pIgMiytjMDLAhlQ1m+wcBQ==
- Edit preferences file (name: pIgMiytjMDLAhlQ1m+wcBQ==) found here: /qibm/userdata/os400/Navigator/preferences
- Add "localhostOverride":true or if it exists with value set to false, change to true. Your file will then look something like this:
- {"prefDirAdjustedRel":460288,"globalTLSList":[],"tlsOverride":false,"localhostOverride":true}
- Add "localhostOverride":true or if it exists with value set to false, change to true. Your file will then look something like this:
- If the file does not exist, create "pIgMiytjMDLAhlQ1m+wcBQ==" (CCSID 819) with the contents:
-
▼{"prefDirAdjustedRel":459776,"globalTLSList":[],"tlsOverride":false,"localhostOverride":true}
-
- Edit preferences file (name: pIgMiytjMDLAhlQ1m+wcBQ==) found here: /qibm/userdata/os400/Navigator/preferences
CHGATR OBJ('/qibm/userdata/os400/navigator/preferences/pIgMiytjMDLAhlQ1m+wcBQ==') ATR(*CCSID) VALUE(819)
CHGOWN obj('/qibm/userdata/os400/Navigator/preferences/pIgMiytjMDLAhlQ1m+wcBQ==') newown(QWEBADMIN)
CHGAUT obj('/qibm/userdata/os400/Navigator/preferences/pIgMiytjMDLAhlQ1m+wcBQ==') user(QWEBADMIN) dtaaut(*RWX) OBJAUT(*NONE)
CHGAUT obj('/qibm/userdata/os400/Navigator/preferences/pIgMiytjMDLAhlQ1m+wcBQ==') user(*PUBLIC) dtaaut(*EXCLUDE) OBJAUT(*NONE)
- Restart ADMIN1 server:
-
ENDTCPSVR *IAS INSTANCE(ADMIN1) STRTCPSVR *IAS INSTANCE(ADMIN1)
-
Shut down all insecure ports
For successful access from the Cloud, you may need to block all insecure ports.
First you will need to log in to Navigator with insecure ports enabled. Then configure TLS and after all steps are completed, block insecure ports.
[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CH1AAM","label":"IBM Navigator for i"}],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3.0;7.4.0;and future releases"}]
Was this topic helpful?
Document Information
Modified date:
12 June 2025
UID
ibm17186025