KBEC-00041 - CloudBees CD (CloudBees Flow) TCP port usage - diagram and descriptions

Description

Customers may frequently have firewalls between the many CloudBees CD (CloudBees Flow) components, especially in large, multi-geographical deployments. This diagram and table describes all TCP ports used in an CloudBees CD installation. You can click on the below image to enlarge the diagram.

Normally the Server opens up a port for listening and the client connects to the port to make requests.

5d69867fd2221.png

This table summarizes TCP port usage

TCP PortDescriptionServerClientEncryptionComment
22Universal (proxy) agentproxy agentproxy targetSSL encrypted by defaultdefault when used
25mailSMTP mail serverFlow Server default
80web browserApacheuserClear text
138SMB/CIFSWorkspace StorageFlow Agent/Apache optional
139SMB/CIFSWorkspace StorageFlow Agent/Apache optional
389Active Directory or LDAP serverActive Directory or LDAPFlow Server default
443web browserApacheuserServer configurable, SSL encrypted by default
445SMB/CIFSWorkspace StorageAgent/Apache optional
465mailSSMTP mail serverFlow Server default
636Active Directory or LDAP serverActive Directory or LDAPFlow Server default
1433databaseSQL ServerFlow Server default when used
1521databaseOracleFlow Server default when used
2049NFSWorkspace StorageFlow Agent and Apache optional
3306databaseMySQLFlow Server default when used
6800Local AgentApache/Repo serverFlow AgentAgent configurabledefault added in 4.2
7800Access to AgentFlow Server / Gateway AgentFlow Agent / Gateway AgentAgent configurable, encrypted by defaultdefault must be open bidirectionally
8000Access to Flow ServerApache/ectool/Perl API/AgentFlow Server Must be open for agent installations that register resource
8200Repository serverUserRepository serverSSL encrypted by defaultdefault added in 4.0
8443Access to Server (SSL)Flow ServerApache/ectool/Perl APIServer configurable - SSL encrypted by defaultIf a step running in agent has ec-perl or ectool commands , then the request is sent to https://:8443/commanderRequest A step running in agent will not complete unless 8443 is opened from agent back to Flow server. The agent has to send the to Flow server port 8443 , to notify that the server of the outcome of the step run ( success or failure) .
61613Preflight file transferFlow Server / Gateway Agentuser/Agent/Gateway Agentencrypted using stomp+SSLoptional Must be bi-directional if need to transfer files from A to B and B to A
5445Hornetq / ActiveMQOnly when Flow Server is clusteredPeer Flow Server in the cluster Only when Flow Server is clustered
5446-5449JGroupsOnly when Flow Server is clusteredPeer Flow Server in the cluster Only when Flow Server is clustered. 2 for TCP and 2 for Failure detection that accounts for the 4 JGroups ports.
8900DatabaseMariaDBFlow Server Built-in database in Electric Flow Server 8.3 onwards
9200DevOps Insight Server PortsDevOps Insight Server DevOps Insight server to retrieve data from Elasticsearch
9300 Only when Elasticsearch service is clusteredPeer Elasticsearch in the cluster Used by the Elasticsearch service for internal communication between nodes within the Elasticsearch cluster
9500 LogstashFlow Server Logstash to receive data from ElectricFlow
9600 Logstash Used by the Logstash service for the Logstash monitoring APIs

Ports used by CloudBees Flow components

PortUsed By
8000CloudBees Flow server
8400CloudBees Flow server (SSL port)
80CloudBees Flow web server
7080CloudBees Flow web server when installed on Linux platforms without root privileges
443CloudBees Flow web server (SSL port)
7443CloudBees Flow web server (SSL port) when installed on Linux platforms without root privileges
6800Port used by the CloudBees Flow agent for HTTP communication on the localhost network interface
7800CloudBees Flow agents (by default, this is an HTTPS port)
61613Preflight file transfer port, other file transfer, event notifications, or other messaging
8200Artifact repository server (by default, this is an HTTPS port)
8900CloudBees Flow built-in (default) database.

Resolving port conflicts

Windows

From a cmd.exe prompt, use

"netstat -ab"

to show all the current used ports and the executable using the port.

Linux

From a shell prompt, use

"netstat -ap"

to show all the current used ports and the executable using the port.

Applies to

  • Product versions: All
  • OS versions: All

Have more questions?

0 Comments

Please sign in to leave a comment.