The Blue Medora Nozzle for PCF is a Cloud Foundry component that is required by the management pack in order to connect to the Cloud Foundry Loggregator Firehose. It exposes PCF metrics via a RESTful API.


Recommended Deployment Method: Blue Medora Nozzle for PCF Tile

Other Deployment Methods

Other deployment methods include:

  • Cloud Foundry CLI method
  • Clone from github method
  • BOSH CLI method

Cloud Foundry CLI method

  • Install the Cloud Foundry Command Line Interface (cf-cli) available from the Cloud Foundry CLI github repository.
  • To deploy the nozzle, you must configure the manifest.yml, which is set up in a default configuration to be deployed as a cf app, as follows:
    • The BM_WEBSERVER_USE_SSL environment variable in the manifest.yml must be set to false during a cf app deployment as internal cloud foundry communication does not use SSL.

      Note: We also recommend keeping the BM_STDOUT_LOGGING environment variable as true ; otherwise, the log files may grow quickly and use up the allocated disk space.
  • Once the manifest.yml has been configured, run cf push from the cf-cli to install as a cf app.

Clone from github method

  • Install the Go programming language (version 1.6+) on a machine that can connect to the Traffic Controller.
  • To deploy the nozzle, run the following command, which clones the nozzle files and dependencies from the github repo and sets them up in your Go environment:

    go get

BOSH CLI method

Configure the Nozzle

Complete the following tasks to configure the nozzle once it has been deployed:

Caution: The following configuration sub-topics are not applicable to the r ecommended deployment method: Blue Medora Nozzle for PCF Tile (see: above). 

All "Other" deployment methods must following the configuration tasks outlined below.

  • Configure the bluemedora-firehose.nozzle.json file
  • Generate SSL Certificates

Configure the bluemedora-firehose.nozzle.json file

To configure the Blue Medora Nozzle for PCF after deployment, modify the bluemedora-firehose-nozzle.json file (located in the configfolder of the nozzle files) as follows:

Field Description

The UAA login URL of the Cloud Foundry deployment

UAAUsername (UAA Client)

The UAA Client that has access to read from the Loggregator Firehose (See: Blue Medora Nozzle for PCF Credentials (UAA Client) on the page Obtaining Nozzle, Cloud Controller, and BOSH Director Credentials (VMware Tanzu Application Service))

UAAPassword (UAA Client password)

Password for the UAA Client (See: Blue Medora Nozzle for PCF Credentials (UAA Client) on the page Obtaining Nozzle, Cloud Controller, and BOSH Director Credentials (VMware Tanzu Application Service))


The URL for the Traffic Controller. To find the URL, follow the instructions outline at:


The subscription ID of the nozzle. For more information about subscription IDs and nozzle scaling, see:


If true, disables authentication with UAA. Used in lattice deployments


If true, allows insecure connections to the UAA and Traffic Controller endpoints


The amount of time, in seconds, the connection to the firehose can be idle before disconnecting


The amount of time, in seconds, the RESTful API web server will cache metric data. The higher this duration, the less likely the data will be correct for a certain metric as it could hold stale data.


Port to connect to the RESTful API (default: 443)

An example configuration would look similar to the following:

“UAAURL”: “”, “UAAUsername”: “uaa_user”, “UAAPassword”: “password”,
“TrafficControllerURL”: “wss://”, “SubscriptionID”: “bluemedora-nozzle-id”, “DisableAccessControl”: false,
“InsecureSSLSkipVerify”: true, “IdleTimeoutSeconds”: 30,
“MetricCacheDurationSeconds”: 60,
“WebServerPort”: 443

Generate SSL Certificates

The Blue Medora Nozzle for PCF uses SSL for its REST webserver. In order to generate these certificates, run the following command and answer the questions at the prompts:

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem

Run the Nozzle

Once you have deployed and configured the nozzle, you can run it using the following command:

go run main.go