KBEC-00041 - CloudBees CD (CloudBees Flow) TCP port usage

Description

Customers may frequently have firewalls between the many CloudBees CD (CloudBees Flow) components, especially in large, multi-geographical deployments. This diagram and table describes all TCP ports used in an CloudBees CD installation. You can click on the below image to enlarge the diagram.

Normally the Server opens up a port for listening and the client connects to the port to make requests.

This table summarizes TCP port usage

TCP Port	Description	Server	Client	Encryption	Comment
22	Universal (proxy) agent	proxy agent	proxy target	SSL encrypted by default	default when used
25	mail	SMTP mail server	Flow Server		default
80	web browser	Apache	user	Clear text
138	SMB/CIFS	Workspace Storage	Flow Agent/Apache		optional
139	SMB/CIFS	Workspace Storage	Flow Agent/Apache		optional
389	Active Directory or LDAP server	Active Directory or LDAP	Flow Server		default
443	web browser	Apache	user	Server configurable, SSL encrypted by default
445	SMB/CIFS	Workspace Storage	Agent/Apache		optional
465	mail	SSMTP mail server	Flow Server		default
636	Active Directory or LDAP server	Active Directory or LDAP	Flow Server		default
1433	database	SQL Server	Flow Server		default when used
1521	database	Oracle	Flow Server		default when used
2049	NFS	Workspace Storage	Flow Agent and Apache		optional
3306	database	MySQL	Flow Server		default when used
6800	Local Agent	Apache/Repo server	Flow Agent	Agent configurable	default added in 4.2
7800	Access to Agent	Flow Server / Gateway Agent	Flow Agent / Gateway Agent	Agent configurable, encrypted by default	default must be open bidirectionally
8000	Access to Flow Server	Apache/ectool/Perl API/Agent	Flow Server		Must be open for agent installations that register resource
8200	Repository server	User	Repository server	SSL encrypted by default	default added in 4.0
8443	Access to Server (SSL)	Flow Server	Apache/ectool/Perl API	Server configurable - SSL encrypted by default	If a step running in agent has ec-perl or ectool commands , then the request is sent to https://localhost:8443/commanderRequest A step running in agent will not complete unless 8443 is opened from agent back to Flow server. The agent has to send the to Flow server port 8443 , to notify that the server of the outcome of the step run ( success or failure) .
61613	Preflight file transfer	Flow Server / Gateway Agent	user/Agent/Gateway Agent	encrypted using stomp+SSL	optional Must be bi-directional if need to transfer files from A to B and B to A
5445	Hornetq / ActiveMQ	Only when Flow Server is clustered	Peer Flow Server in the cluster		Only when Flow Server is clustered
5446-5449	JGroups	Only when Flow Server is clustered	Peer Flow Server in the cluster		Only when Flow Server is clustered. 2 for TCP and 2 for Failure detection that accounts for the 4 JGroups ports.
8900	Database	MariaDB	Flow Server		Built-in database in Electric Flow Server 8.3 onwards
9200	DevOps Insight Server Ports	DevOps Insight Server			DevOps Insight server to retrieve data from Elasticsearch
9300		Only when Elasticsearch service is clustered	Peer Elasticsearch in the cluster		Used by the Elasticsearch service for internal communication between nodes within the Elasticsearch cluster
9500		Logstash	Flow Server		Logstash to receive data from ElectricFlow
9600		Logstash			Used by the Logstash service for the Logstash monitoring APIs

TCP Port

Description

Server

Client

Encryption

Comment

Universal (proxy) agent

proxy agent

proxy target

SSL encrypted by default

default when used

mail

SMTP mail server

Flow Server

default

web browser

Apache

user

Clear text

138

SMB/CIFS

Workspace Storage

Flow Agent/Apache

optional

139

SMB/CIFS

Workspace Storage

Flow Agent/Apache

optional

389

Active Directory or LDAP server

Active Directory or LDAP

Flow Server

default

443

web browser

Apache

user

Server configurable, SSL encrypted by default

445

SMB/CIFS

Workspace Storage

Agent/Apache

optional

465

mail

SSMTP mail server

Flow Server

default

636

Active Directory or LDAP server

Active Directory or LDAP

Flow Server

default

1433

database

SQL Server

Flow Server

default when used

1521

database

Oracle

Flow Server

default when used

2049

NFS

Workspace Storage

Flow Agent and Apache

optional

3306

database

MySQL

Flow Server

default when used

6800

Local Agent

Apache/Repo server

Flow Agent

Agent configurable

default added in 4.2

7800

Access to Agent

Flow Server / Gateway Agent

Flow Agent / Gateway Agent

Agent configurable, encrypted by default

default must be open bidirectionally

8000

Access to Flow Server

Apache/ectool/Perl API/Agent

Flow Server

Must be open for agent installations that register resource

8200

Repository server

User

Repository server

SSL encrypted by default

default added in 4.0

8443

Access to Server (SSL)

Flow Server

Apache/ectool/Perl API

Server configurable - SSL encrypted by default

If a step running in agent has ec-perl or ectool commands , then the request is sent to https://localhost:8443/commanderRequest A step running in agent will not complete unless 8443 is opened from agent back to Flow server. The agent has to send the to Flow server port 8443 , to notify that the server of the outcome of the step run ( success or failure) .

61613

Preflight file transfer

Flow Server / Gateway Agent

user/Agent/Gateway Agent

encrypted using stomp+SSL

optional Must be bi-directional if need to transfer files from A to B and B to A

5445

Hornetq / ActiveMQ

Only when Flow Server is clustered

Peer Flow Server in the cluster

Only when Flow Server is clustered

5446-5449

JGroups

Only when Flow Server is clustered

Peer Flow Server in the cluster

Only when Flow Server is clustered. 2 for TCP and 2 for Failure detection that accounts for the 4 JGroups ports.

8900

Database

MariaDB

Flow Server

Built-in database in Electric Flow Server 8.3 onwards

9200

DevOps Insight Server Ports

DevOps Insight Server

DevOps Insight server to retrieve data from Elasticsearch

9300

Only when Elasticsearch service is clustered

Peer Elasticsearch in the cluster

Used by the Elasticsearch service for internal communication between nodes within the Elasticsearch cluster

9500

Logstash

Flow Server

Logstash to receive data from ElectricFlow

9600

Logstash

Used by the Logstash service for the Logstash monitoring APIs

Ports used by CloudBees Flow components

Port	Used By
8000	CloudBees Flow server
8400	CloudBees Flow server (SSL port)
80	CloudBees Flow web server
7080	CloudBees Flow web server when installed on Linux platforms without root privileges
443	CloudBees Flow web server (SSL port)
7443	CloudBees Flow web server (SSL port) when installed on Linux platforms without root privileges
6800	Port used by the CloudBees Flow agent for HTTP communication on the localhost network interface
7800	CloudBees Flow agents (by default, this is an HTTPS port)
61613	Preflight file transfer port, other file transfer, event notifications, or other messaging
8200	Artifact repository server (by default, this is an HTTPS port)
8900	CloudBees Flow built-in (default) database.

Resolving port conflicts

Windows

From a cmd.exe prompt, use

"netstat -ab"

to show all the current used ports and the executable using the port.

Linux

From a shell prompt, use

"netstat -ap"

to show all the current used ports and the executable using the port.

Applies to

Product versions: All
OS versions: All

KBEC-00041 - CloudBees CD (CloudBees Flow) TCP port usage - diagram and descriptions

Description

This table summarizes TCP port usage

Ports used by CloudBees Flow components

Resolving port conflicts

Windows

Linux

Applies to