<!DOCTYPE html>
<html lang='en'>
<head>
<title>
Ports - LEAP Platform Documentation
</title>
<meta content='width=device-width, initial-scale=1.0' name='viewport'>
<meta charset='UTF-8'>
<base href="" />
<style>
  body {
    background: #444;
    display: flex;
    flex-direction: row;
    padding: 10px;
    margin: 0px;
  }
  #sidebar {
    flex: 0 0 250px;
    background: white;
    margin-right: 10px;
    padding: 20px;
  }
  #sidebar ul {
    list-style-type: none;
    padding-left: 0px;
    margin: 0;
  }
  #sidebar li { padding: 4px }
  #sidebar li a { text-decoration: none }
  #sidebar li.active { background: #444 }
  #sidebar li.active a { color: white }
  #sidebar li.level1 { padding-left: 20px }
  #sidebar li.level2 { padding-left: 40px }
  #main {
    flex: 1 1 auto;
    background: white;
    padding: 20px;
  }
  #title-box {
    padding-bottom: 20px;
    border-bottom: 5px solid #eee;
  }
  #title-box h1 {
    margin-top: 0px;
  }
  pre {
    padding: 10px;
    background: #eef;
  }
  code {
    background: #eef;
  }
  table {border-collapse: collapse}
  table td {
    border: 1px solid #ccc;
    padding: 4px;
    vertical-align: top;
  }
</style>
</head>
<body>
<div id='sidebar'>
<ul>
<li class=''>
<a href='../../index.html'>Home</a>
</li>
<li class=' level0'>
<a class='' href='../guide.html'>Guide</a>
</li>
<li class=' level0'>
<a class='' href='../tutorials.html'>Tutorials</a>
</li>
<li class=' level0'>
<a class='' href='../services.html'>Services</a>
</li>
<li class=' level0'>
<a class='' href='../upgrading.html'>Upgrading</a>
</li>
<li class=' level0'>
<a class='' href='../troubleshooting.html'>Troubleshooting</a>
</li>
<li class='semi-active level0'>
<a class='' href='../details.html'>Details</a>
</li>
<li class=' level1'>
<a class='' href='faq.html'>FAQ</a>
</li>
<li class=' level1'>
<a class='' href='development.html'>Development</a>
</li>
<li class='active level1'>
<a class='' href='ports.html'>Ports</a>
</li>
<li class=' level1'>
<a class='' href='under-the-hood.html'>Under the hood</a>
</li>
</ul>
</div>
<div id='main'>
<div id='title-box'>
<h1>Ports</h1>
<div id='summary'>The required open ports for different services.</div>
</div>
<div id='content-box'>
<div id="TOC"><ol>
  <li>
    <a href="ports/index.html#publicly-open-ports">Publicly open ports</a>
  </li>
  <li>
    <a href="ports/index.html#privately-open-ports">Privately open ports</a>
  </li>
</ol></div>
<p>There are many different ports that must be open in order for the LEAP platform to work. Some ports must be <em>publicly open</em>, meaning that these should be accessible from the public internet. Other ports are <em>privately open</em>, meaning that they must be accessible to sysadmins or to the other nodes in the provider’s infrastructure.</p>
<p>Every node already includes a host-based firewall. However, if your network has its own firewall, you need to make sure that these ports are not blocked.</p>
<h2><a name="publicly-open-ports"></a>Publicly open ports</h2>
<table class="table table-striped">
<tr>
  <th>Name</th>
  <th>Node Type</th>
  <th>Default</th>
  <th>Notes</th>
</tr>
<tr>
  <td>SMTP</td>
  <td>mx</td>
  <td>25</td>
  <td>This is required for all server-to-server SMTP email relay. This is not configurable.</td>
</tr>
<tr>
  <td>HTTP</td>
  <td>webapp</td>
  <td>80</td>
  <td>Although no actual services are available over port 80, it should be unblocked so that the web app can redirect to port 443. This is not configurable.</td>
</tr>
<tr>
  <td>HTTPS</td>
  <td>webapp</td>
  <td>443</td>
  <td>The web application is available over this port. This is not configurable.</td>
</tr>
<tr>
  <td>SMTPS</td>
  <td>mx</td>
  <td>465</td>
  <td>The client uses this port to submit outgoing email messages via SMTP over TLS. There is no easy way to change this, although you can create a custom <code>files/service-definitions/v1/smtp-service.json.erb</code> to do so. This will be changed to port 443 in the future.</td>
</tr>
<tr>
  <td>Soledad</td>
  <td>soledad</td>
  <td>2323</td>
  <td>The client uses this port to synchronize its storage data. This can be changed via the configuration property <code>soledad.port</code>. This will be changed to port 443 in the future.</td>
</tr>
<tr>
  <td>Nicknym</td>
  <td>webapp</td>
  <td>6425</td>
  <td>The client uses this port for discovering public keys. This can be changed via the configuration property <code>nickserver.port</code>. This will be changed to port 443 in the future.</td>
</tr>
<tr>
  <td>OpenVPN</td>
  <td>openvpn</td>
  <td>80, 443, 53, 1194</td>
  <td>By default, OpenVPN gateways will listen on all those ports. This can be changed via the configuration property <code>openvpn.ports</code>. Note that these ports must be open for <code>openvpn.gateway_address</code>, not for <code>ip_address</code>.</td>
</tr>
<tr>
  <td>API</td>
  <td>webapp</td>
  <td>4430</td>
  <td>Currently, the provider API is accessible via this port. In the future, the default will be changed to 443. For now, this can be changed via the configuration property <code>api.port</code>.</td>
</tr>
</table>
<h2><a name="privately-open-ports"></a>Privately open ports</h2>
<table class="table table-striped">
<tr>
  <th>Name</th>
  <th>Node Type</th>
  <th>Default</th>
  <th>Notes</th>
</tr>
<tr>
  <td>SSH</td>
  <td>all</td>
  <td>22</td>
  <td>This is the port that the sshd is bound to for the node. You can modify this using the configuration property <code>ssh.port</code>. It is important that this port is never blocked, or you will lose access to deploy to this node.</td>
</tr>
<tr>
  <td>Stunnel</td>
  <td>all</td>
  <td>10000-20000</td>
  <td>This is the range of ports that might be used for the encrypted stunnel connections between two nodes. These port numbers are automatically generated, but will fall somewhere in the specified range.</td>
</tr>
</table>
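<p>The two tables above, turned into a check that compares the ports reachable from the public internet on one node with what its node types require. This is an added example, not part of the LEAP platform; the defaults and property names come from the tables, while the function names, the flat <code>config</code> dictionary and the sample values are assumptions, and it works on port numbers only (it does not distinguish <code>openvpn.gateway_address</code> from <code>ip_address</code>).</p>

```python
# Added example: port policy derived from the tables on this page.
# Defaults are the page's; function names and the config shape are assumptions.
PUBLIC = {  # node type -> {service name: default public ports}
    "mx": {"SMTP": [25], "SMTPS": [465]},
    "webapp": {"HTTP": [80], "HTTPS": [443], "Nicknym": [6425], "API": [4430]},
    "soledad": {"Soledad": [2323]},
    "openvpn": {"OpenVPN": [80, 443, 53, 1194]},
}
# Configuration property that overrides a default (from the Notes column).
PROPERTY = {"Soledad": "soledad.port", "Nicknym": "nickserver.port",
            "OpenVPN": "openvpn.ports", "API": "api.port", "SSH": "ssh.port"}
STUNNEL = range(10000, 20001)  # private, auto-assigned inside this range


def policy(node_types, config=None):
    """Return (public, private) port sets for a node with the given types."""
    config = config or {}

    def resolve(name, default):
        # Services without a property (SMTP, HTTP, ...) always keep the default.
        value = config.get(PROPERTY.get(name), default)
        return set(value) if isinstance(value, (list, tuple, set)) else {value}

    public = set()
    for node_type in node_types:
        for name, default in PUBLIC[node_type].items():
            public |= resolve(name, default)
    private = resolve("SSH", [22])  # SSH is privately open on every node
    return public, private


def audit(node_types, publicly_reachable, config=None):
    """Compare ports reachable from the internet with what the tables require."""
    public, private = policy(node_types, config)
    extra = set(publicly_reachable) - public
    return {
        # Required public port that an upstream firewall is blocking.
        "blocked": sorted(public - set(publicly_reachable)),
        # Listed as privately open, yet reachable from the internet.
        "private_exposed": sorted(p for p in extra if p in private or p in STUNNEL),
        # Not in either table for this node.
        "unexpected": sorted(p for p in extra if p not in private and p not in STUNNEL),
    }
```

<p>Calling <code>audit(["webapp"], reachable_ports)</code> with the result of an external scan of the node shows which required ports a network firewall is blocking and which privately open ports are exposed more widely than the tables call for.</p>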
</div>
</div>
</body>
</html>