This article describes the network ports that can be used by Elvis 5 Server. It is written with Elvis 5.14 or higher in mind; information for earlier versions is listed at the end of this article.
Important: A cluster of Elvis Server nodes requires port 5701 and 9300 to be opened to support proper cluster communication. This cluster of nodes should be considered private and should run behind a firewall or load balancer in which you typically only open port 80 or 443 (for communication with Elvis using https). All users of the cluster (both internal and external) should connect through the firewall or load balancer.
Note that Hazelcast and Elasticsearch are not secured, meaning that opening up port 9100, 9200, 9300 or 5701 (towards the Internet or internal network) is a security risk.
Be sure therefore to properly protect your machine or cluster before installing Elvis.
For Elvis 5.14 and higher
- HTTP serverPort: 80
- HTTPS serverPort: 443
- Hazelcast: 5701
- Elasticsearch: 9200, 9300
- Elvis Health API: 9100
Securing Elasticsearch ports
Elvis 5.19 and higher automatically restrict Elasticsearch port 9200 to only be accessible from localhost on the server. If you are running Elvis 5.14 – 5.18, you should do the same by adding the following settings to the node-config.properties.txt file on all your Elvis nodes:
Note: If you are running 5.13 or lower, please upgrade to a more recent Elvis version.
Safely accessing ports by using an ssh tunnel
To safely access ports 80, 9100 or 9200 by using an ssh tunnel, run the following command.
For example to create an SSH tunnel to an AWS EC2 machine running Elvis:
ssh -L 9200:localhost:9200 -N firstname.lastname@example.org
For Elvis 5.0 – 5.13
- http serverPort: 80
- https serverPort: 443
- Hazelcast1: 5701 – 5801 2
- Elasticsearch3: 9200 – 9300, 9300 – 9400
1 Hazelcast is used for the communication between the nodes in the Elvis cluster.
2 For Hazelcast and Elasticsearch not all 100 available ports in the specified ranges will be used.
3 Elasticsearch is the search engine that takes care of searching and indexing in Elvis.
- 17 January 2017: Added section 'Securing Elasticsearch ports'.
- 16 January 2017: Updated the 'Important' note by adding port 80 and port 9100.
- 16 January 2017: Updated the 'Important' note by adding that opening ports internally for Hazelcast and Elasticsearch is also a security risk.
- 22 December 2016: Added note about using TCP as the protocol to use.