Search
Varnish Controller

Mapped Ports

Protocol Destination Port Source node Destination node Notes
HTTP/HTTPS 8002 vcli api-gw can use a proxy server for login (e.g.HTTP\_PROXY=127.0.0.1:8081 vcli login http://localhost:8002 -u test)
TCP/TLS 4222 api-gw nats
HTTP/HTTPS 8080 gui api-gw
TCP/TLS 4222 brainz nats
TCP/TLS 5432 brainz postgresql
TCP/TLS 4222 agent nats
HTTP/HTTPS 80 / 443 agent varnish Agent requires access to the 80443 port for Varnish for invalidation
TCP/UDP 6082 agent varnish Varnish administration interface
TCP/TLS 4222 router nats
HTTP/HTTPS 80 / 443 router varnish health checks
HTTP 81 powerdns router
UDP 53 by default powerdns * PowerDNS listens by default on port 53 but can be different if there is some port mapping in front.
TCP/TLS 5222 nats clustering It’s recommended to give each component access to at least 2 NATS servers in a clustered setup. All the other nats-servers are spread via gossip protocol to them. But having at least two configured per component, will avoid spof.
Optional Ports
HTTP * * nats NATS monitoring port (-m <port>)
HTTP 8092 * router Management port for the router. Domain health checks, prometheus statistics etc. Ref: https://docs.varnish-software.com/varnish-controller/concepts/routers/#management-interface
Note: All ports are configurable