Description
Customers frequently have firewalls between the many CloudBees CD (CloudBees Flow) components, especially in large, multi-geographical deployments. This diagram and table describe all TCP ports used in a CloudBees CD installation.
Normally the server opens a port for listening and the client connects to that port to make requests.
This table summarizes TCP port usage:
TCP Port | Description | Server | Client | Encryption | Comment |
---|---|---|---|---|---|
22 | Universal (proxy) agent | proxy agent | proxy target | SSL encrypted by default | default when used |
25 | SMTP mail server | Flow Server | default | | |
80 | web browser | Apache | user | Clear text | |
138 | SMB/CIFS | Workspace Storage | Flow Agent/Apache | optional | |
139 | SMB/CIFS | Workspace Storage | Flow Agent/Apache | optional | |
389 | Active Directory or LDAP server | Active Directory or LDAP | Flow Server | default | |
443 | web browser | Apache | user | Server configurable, SSL encrypted by default | |
445 | SMB/CIFS | Workspace Storage | Agent/Apache | optional | |
465 | SSMTP mail server | Flow Server | default | | |
636 | Active Directory or LDAP server | Active Directory or LDAP | Flow Server | default | |
1433 | database | SQL Server | Flow Server | default when used | |
1521 | database | Oracle | Flow Server | default when used | |
2049 | NFS | Workspace Storage | Flow Agent and Apache | optional | |
3306 | database | MySQL | Flow Server | default when used | |
6800 | Local Agent | Apache/Repo server | Flow Agent | Agent configurable | default added in 4.2 |
7800 | Access to Agent | Flow Server / Gateway Agent | Flow Agent / Gateway Agent | Agent configurable, encrypted by default | default must be open bidirectionally |
8000 | Access to Flow Server | Apache/ectool/Perl API/Agent | Flow Server | Must be open for agent installations that register resource | |
8200 | Repository server | User | Repository server | SSL encrypted by default | default added in 4.0 |
8443 | Access to Server (SSL) | Flow Server | Apache/ectool/Perl API | Server configurable - SSL encrypted by default | If a step running on an agent has ec-perl or ectool commands, the request is sent to https://localhost:8443/commanderRequest. A step running on an agent will not complete unless 8443 is open from the agent back to the Flow server. The agent has to connect to Flow server port 8443 to notify the server of the outcome of the step run (success or failure). |
61613 | Preflight file transfer | Flow Server / Gateway Agent | user/Agent/Gateway Agent | encrypted using stomp+SSL | optional. Must be bidirectional if files need to be transferred from A to B and from B to A |
5445 | HornetQ / ActiveMQ | Only when Flow Server is clustered | Peer Flow Server in the cluster | Only when Flow Server is clustered | |
5446-5449 | JGroups | Only when Flow Server is clustered | Peer Flow Server in the cluster | Only when Flow Server is clustered. The 4 JGroups ports are 2 for TCP and 2 for failure detection. | |
8900 | Database | MariaDB | Flow Server | Built-in database in Electric Flow Server 8.3 onwards | |
9200 | DevOps Insight Server Ports | DevOps Insight Server | DevOps Insight server to retrieve data from Elasticsearch | | |
9300 | Only when Elasticsearch service is clustered | Peer Elasticsearch in the cluster | Used by the Elasticsearch service for internal communication between nodes within the Elasticsearch cluster | | |
9500 | Logstash | Flow Server | Logstash to receive data from ElectricFlow | | |
9600 | Logstash | Used by the Logstash service for the Logstash monitoring APIs | | | |

Ports used by CloudBees Flow components

Port | Used By |
---|---|
8000 | CloudBees Flow server |
8400 | CloudBees Flow server (SSL port) |
80 | CloudBees Flow web server |
7080 | CloudBees Flow web server when installed on Linux platforms without root privileges |
443 | CloudBees Flow web server (SSL port) |
7443 | CloudBees Flow web server (SSL port) when installed on Linux platforms without root privileges |
6800 | Port used by the CloudBees Flow agent for HTTP communication on the localhost network interface |
7800 | CloudBees Flow agents (by default, this is an HTTPS port) |
61613 | Preflight file transfer port, other file transfer, event notifications, or other messaging |
8200 | Artifact repository server (by default, this is an HTTPS port) |
8900 | CloudBees Flow built-in (default) database |
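
The following is an added example, not CloudBees code: it audits a firewall allow list against the agent/server and cluster-peer rows of the TCP port table, so that only the flows the table requires are opened and none are missed. The zone names `server` and `agent`, the `src dst port[-port]` rule format, and the reading of "open bidirectionally" as one allow rule in each direction are assumptions; the port numbers are the defaults from the table.

```python
# Added example: zone names and the "src dst port[-port]" rule format are
# assumptions for illustration, not CloudBees or firewall-vendor syntax.

# (client_zone, server_zone, port, reason). The client connects to the
# listening server, so each entry needs an allow rule client -> server:port.
REQUIRED_FLOWS = [
    ("server", "agent", 7800, "Flow Server reaches the agent"),
    ("agent", "server", 7800, "7800 must be open bidirectionally"),
    ("agent", "server", 8000, "agent installations that register a resource"),
    ("agent", "server", 8443, "ectool/ec-perl steps report back to the server"),
]
# Only needed between peers when the Flow Server is clustered.
CLUSTER_PORTS = [5445, 5446, 5447, 5448, 5449]


def parse_rule(line):
    """Parse 'src dst port' or 'src dst low-high' into (src, dst, low, high)."""
    src, dst, ports = line.split()
    low, _, high = ports.partition("-")
    return src, dst, int(low), int(high or low)


def missing_flows(rule_lines, clustered=False):
    """Return the required flows that no allow rule covers."""
    rules = [parse_rule(l) for l in rule_lines
             if l.strip() and not l.lstrip().startswith("#")]
    required = list(REQUIRED_FLOWS)
    if clustered:
        required += [("server", "server", p, "cluster peer traffic")
                     for p in CLUSTER_PORTS]
    return [
        (client, server, port, reason)
        for client, server, port, reason in required
        if not any(s == client and d == server and lo <= port <= hi
                   for s, d, lo, hi in rules)
    ]


# Constructed sample rule set (not from a real deployment).
SAMPLE_RULES = """
# source destination port[-port]
server agent 7800
agent server 8000
server server 5445-5448
""".splitlines()

if __name__ == "__main__":
    for client, server, port, reason in missing_flows(SAMPLE_RULES, clustered=True):
        print(f"MISSING {client} -> {server}:{port}  ({reason})")
```

If the agent or server ports have been reconfigured away from the defaults, adjust `REQUIRED_FLOWS` to match before running the audit.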