Port Requirements for PaaS on AWS
The platform requires a number of ports to be opened via the firewall for correct operation on AWS.
Global ports (must be opened for certain external addresses):
- 22, 64000 (TCP) - for container migration between hardware hosts and for SSH access
- 53 (UDP/TCP) - for access to the platform DNS (open for all)
- 4789 (UDP) - for the VXLAN overlay L2 network (open for the external IP addresses of all hosts in the Virtuozzo Application Management region)
- 3306 (TCP) - for connection to the main Virtuozzo Application Management database from the trusted IP list
- 3307 (TCP) - for connection to the database backup from the trusted IP list
Local ports (can be opened for your local IP addresses/networks only):
- 11000-20000 (TCP/UDP) - for the endpoints feature support
- 80 (TCP) - for the HTTP connection to the dashboard and environments
- 443 (TCP) - for the HTTPS connection to the dashboard and environments
- 500, 4500 (UDP) - for the L3 link between hosts in regions
- 3022 (TCP) - for access via SSH
- 4848 (TCP) - for the connection to the GlassFish, LiteSpeed, and WildFly admin panels
- 4949 (TCP) - for the connection to the admin panels
- 7979 (TCP) - for the export/import features support
- 4901-4910 (TCP) - for the service ports, which can be proxied to the upstream instances, if needed. For example, these ports can be used by the application admin panel
- 8443 (TCP) - for the alternative HTTPS connection
- 8080 (TCP) - for the alternative HTTP connection
- 8081 (TCP) - for the web installer
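
One way to audit AWS security-group ingress rules against the port list above, as an added example that is not part of the original page or the platform's own tooling. It assumes rules in the IpPermissions shape returned by EC2 describe-security-groups and takes the stricter reading that local ports stay on local networks; the scope labels, the rule() helper and all addresses are constructed for illustration.

```python
import ipaddress

# Policy transcribed from the list above: (first, last, protocols, scope); scope names are this example's labels.
POLICY = [
    (22, 22, {"tcp"}, "external"), (64000, 64000, {"tcp"}, "external"),
    (53, 53, {"tcp", "udp"}, "any"), (4789, 4789, {"udp"}, "hosts"),
    (3306, 3307, {"tcp"}, "trusted"), (11000, 20000, {"tcp", "udp"}, "local"),
    (80, 80, {"tcp"}, "local"), (443, 443, {"tcp"}, "local"),
    (500, 500, {"udp"}, "local"), (4500, 4500, {"udp"}, "local"),
    (3022, 3022, {"tcp"}, "local"), (4848, 4848, {"tcp"}, "local"),
    (4949, 4949, {"tcp"}, "local"), (7979, 7979, {"tcp"}, "local"),
    (4901, 4910, {"tcp"}, "local"), (8443, 8443, {"tcp"}, "local"),
    (8080, 8081, {"tcp"}, "local"),
]

def audit(permissions, allowed):
    """Return (proto, first, last, cidr, reason) per ingress source outside the policy."""
    findings = []
    for p in permissions:
        proto = p["IpProtocol"]  # "-1" (all traffic) matches no entry and is reported
        lo, hi = p.get("FromPort", 0), p.get("ToPort", 65535)
        cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
        # Scope of the policy entry that fully contains this rule's ports and protocol.
        scope = next((s for a, b, protos, s in POLICY
                      if a <= lo and hi <= b and proto in protos), None)
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if scope is None:
                findings.append((proto, lo, hi, cidr, "port not in documented list"))
            elif scope != "any" and not any(
                    net.version == ok.version and net.subnet_of(ok)
                    for ok in map(ipaddress.ip_network, allowed[scope])):
                findings.append((proto, lo, hi, cidr, f"outside {scope} sources"))
    return findings

def rule(proto, port, *cidrs):  # hypothetical helper: one rule in IpPermissions shape
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs]}

# Constructed sample data (documentation address ranges), not real infrastructure.
ALLOWED = {"external": ["198.51.100.0/24"], "hosts": ["203.0.113.10/32"],
           "trusted": ["198.51.100.7/32"], "local": ["10.0.0.0/8"]}
RULES = [rule("udp", 53, "0.0.0.0/0"), rule("tcp", 3306, "0.0.0.0/0"),
         rule("udp", 4789, "203.0.113.10/32"), rule("tcp", 9200, "10.0.0.0/8"),
         rule("tcp", 4848, "10.1.0.0/16", "192.0.2.5/32")]

if __name__ == "__main__":
    print(*audit(RULES, ALLOWED), sep="\n")
```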