KBEC-00041 - CloudBees CD (CloudBees Flow) TCP port usage - diagram and descriptions

Article ID:360033194811
3 minute readKnowledge base

Description

Customers may frequently have firewalls between the many CloudBees CD (CloudBees Flow) components, especially in large, multi-geographical deployments. This diagram and table describes all TCP ports used in an CloudBees CD installation. You can click on the below image to enlarge the diagram.

Normally the Server opens up a port for listening and the client connects to the port to make requests.

5d69867fd2221.png

This table summarizes TCP port usage

TCP Port Description Server Client Encryption Comment

22

Universal (proxy) agent

proxy agent

proxy target

SSL encrypted by default

default when used

25

mail

SMTP mail server

Flow Server

default

80

web browser

Apache

user

Clear text

138

SMB/CIFS

Workspace Storage

Flow Agent/Apache

optional

139

SMB/CIFS

Workspace Storage

Flow Agent/Apache

optional

389

Active Directory or LDAP server

Active Directory or LDAP

Flow Server

default

443

web browser

Apache

user

Server configurable, SSL encrypted by default

445

SMB/CIFS

Workspace Storage

Agent/Apache

optional

465

mail

SSMTP mail server

Flow Server

default

636

Active Directory or LDAP server

Active Directory or LDAP

Flow Server

default

1433

database

SQL Server

Flow Server

default when used

1521

database

Oracle

Flow Server

default when used

2049

NFS

Workspace Storage

Flow Agent and Apache

optional

3306

database

MySQL

Flow Server

default when used

6800

Local Agent

Apache/Repo server

Flow Agent

Agent configurable

default added in 4.2

7800

Access to Agent

Flow Server / Gateway Agent

Flow Agent / Gateway Agent

Agent configurable, encrypted by default

default must be open bidirectionally

8000

Access to Flow Server

Apache/ectool/Perl API/Agent

Flow Server

Must be open for agent installations that register resource

8200

Repository server

User

Repository server

SSL encrypted by default

default added in 4.0

8443

Access to Server (SSL)

Flow Server

Apache/ectool/Perl API

Server configurable - SSL encrypted by default

If a step running in agent has ec-perl or ectool commands , then the request is sent to https://:8443/commanderRequest A step running in agent will not complete unless 8443 is opened from agent back to Flow server. The agent has to send the to Flow server port 8443 , to notify that the server of the outcome of the step run ( success or failure) .

61613

Preflight file transfer

Flow Server / Gateway Agent

user/Agent/Gateway Agent

encrypted using stomp+SSL

optional Must be bi-directional if need to transfer files from A to B and B to A

5445

Hornetq / ActiveMQ

Only when Flow Server is clustered

Peer Flow Server in the cluster

Only when Flow Server is clustered

5446-5449

JGroups

Only when Flow Server is clustered

Peer Flow Server in the cluster

Only when Flow Server is clustered. 2 for TCP and 2 for Failure detection that accounts for the 4 JGroups ports.

8900

Database

MariaDB

Flow Server

Built-in database in Electric Flow Server 8.3 onwards

9200

DevOps Insight Server Ports

DevOps Insight Server

DevOps Insight server to retrieve data from Elasticsearch

9300

Only when Elasticsearch service is clustered

Peer Elasticsearch in the cluster

Used by the Elasticsearch service for internal communication between nodes within the Elasticsearch cluster

9500

Logstash

Flow Server

Logstash to receive data from ElectricFlow

9600

Logstash

Used by the Logstash service for the Logstash monitoring APIs

Ports used by CloudBees Flow components

Port Used By

8000

CloudBees Flow server

8400

CloudBees Flow server (SSL port)

80

CloudBees Flow web server

7080

CloudBees Flow web server when installed on Linux platforms without root privileges

443

CloudBees Flow web server (SSL port)

7443

CloudBees Flow web server (SSL port) when installed on Linux platforms without root privileges

6800

Port used by the CloudBees Flow agent for HTTP communication on the localhost network interface

7800

CloudBees Flow agents (by default, this is an HTTPS port)

61613

Preflight file transfer port, other file transfer, event notifications, or other messaging

8200

Artifact repository server (by default, this is an HTTPS port)

8900

CloudBees Flow built-in (default) database.

Resolving port conflicts

Windows

From a cmd.exe prompt, use

"netstat -ab"

to show all the current used ports and the executable using the port.

Linux

From a shell prompt, use

"netstat -ap"

to show all the current used ports and the executable using the port.

Applies to

  • Product versions: All

  • OS versions: All