SearchVarnish Controller
| Protocol | Destination Port | Source node | Destination node | Notes |
|---|---|---|---|---|
HTTP/HTTPS |
8002 |
vcli | api-gw | can use a proxy server for login (e.g.HTTP\_PROXY=127.0.0.1:8081 vcli login http://localhost:8002 -u test) |
TCP/TLS |
4222 |
api-gw | nats | |
HTTP/HTTPS |
8080 |
gui | api-gw | |
TCP/TLS |
4222 |
brainz | nats | |
TCP/TLS |
5432 |
brainz | postgresql | |
TCP/TLS |
4222 |
agent | nats | |
HTTP/HTTPS |
80 / 443 |
agent | varnish | Agent requires access to the 80/443 port for Varnish for invalidation |
TCP/UDP |
6082 |
agent | varnish | Varnish administration interface |
TCP/TLS |
4222 |
router | nats | |
HTTP/HTTPS |
80 / 443 |
router | varnish | health checks |
HTTP |
81 |
powerdns | router | |
UDP |
53 by default |
powerdns | * |
PowerDNS listens by default on port 53 but can be different if there is some port mapping in front. |
TCP/TLS |
5222 |
nats | clustering | It’s recommended to give each component access to at least 2 NATS servers in a clustered setup. All the other nats-servers are spread via gossip protocol to them. But having at least two configured per component, will avoid spof. |
| Optional Ports | ||||
HTTP |
* |
* |
nats | NATS monitoring port (-m <port>) |
HTTP |
8092 |
* |
router | Management port for the router. Domain health checks, prometheus statistics etc. Ref: https://docs.varnish-software.com/varnish-controller/concepts/routers/#management-interface |
| Note: All ports are configurable |