Search

Mapped Ports

To use git deployments, all brainz instances require access towards the configured Git URLs. To use ACME certificate handling, one or more agents require access towards the CA servers.

Protocol Destination Port Source Destination Notes
HTTP/HTTPS 8002 vcli api-gw can use a proxy server for login (e.g.HTTP\_PROXY=127.0.0.1:8081 vcli login http://localhost:8002 -u test)
TCP/TLS 4222 api-gw nats
HTTP/HTTPS 8080 gui api-gw
TCP/TLS 4222 brainz nats
TCP/TLS 5432 brainz postgresql
TCP/TLS 4222 agent nats
HTTP/HTTPS 80 / 443 agent varnish Agent requires access to the 80/443 port for Varnish for invalidation
TCP/UDP 6082 agent varnish Varnish administration interface
TCP/TLS 4222 router nats
HTTP/HTTPS 80 / 443 router varnish health checks
HTTP 81 powerdns router
UDP 53 by default powerdns * PowerDNS listens by default on port 53 but can be different if there is some port mapping in front.
TCP/TLS 5222 nats clustering It’s recommended to give each component access to at least 2 NATS servers in a clustered setup. All the other nats-servers are spread via gossip protocol to them. But having at least two configured per component will avoid a single point of failure.
Optional Ports
HTTP * * nats NATS monitoring port (-m <port>)
HTTP 8092 * router Management port for the router. Domain health checks, prometheus statistics etc. Ref: Management Interface
HTTPS 443 agent CA For ACME managed certificates, it is necessary that at least one agent can contact the Certificate Authority on port 443.
Note: All ports are configurable

®Varnish Software, Wallingatan 12, 111 60 Stockholm, Organization nr. 556805-6203