WoodWing Help Center

Elvis 5 Server network ports

Elvis 5 Server network ports

This article describes the network ports that can be used by Elvis 5 Server. It is written with Elvis 5.14 or higher in mind; information for earlier versions is listed at the end of this article.

Important: A cluster of Elvis Server nodes requires port 5701 and 9300 to be opened to support proper cluster communication. This cluster of nodes should be considered private and should run behind a firewall or load balancer in which you typically only open port 80 or 443 (for communication with Elvis using https). All users of the cluster (both internal and external) should connect through the firewall or load balancer.

Note that Hazelcast and Elasticsearch are not secured, meaning that opening up port 9100, 9200, 9300 or 5701 (towards the Internet or internal network) is a security risk.

Be sure therefore to properly protect your machine or cluster before installing Elvis.

For Elvis 5.14 and higher

  • HTTP serverPort: 80
  • HTTPS serverPort: 443
  • Hazelcast: 5701
  • Elasticsearch: 9200, 9300
  • Elvis Health API: 9100

Notes:

  • For all ports mentioned above, TCP should be specified as the protocol.

  • Hazelcast is used for the communication between the nodes in the Elvis cluster.
  • Elasticsearch is the search engine that takes care of searching and indexing in Elvis
  • Port 9300 and 5701 need to be available for communication between all Elvis nodes, but these ports should NOT be open to the world.
  • Port 443 or 80 is the only port that needs to be available for clients to connect (single node) or for the load balancer (multi-node).
  • Port 9100 and 9200 are only for administrative use. These should be accessed securely, for example by restricting access or by using an SSH tunnel: ssh -L 9200:localhost:9200 -N <nodeIP>

Securing Elasticsearch ports

Elvis 5.19 and higher automatically restrict Elasticsearch port 9200 to only be accessible from localhost on the server. If you are running Elvis 5.14 – 5.18, you should do the same by adding the following settings to the node-config.properties.txt file on all your Elvis nodes:

elasticsearch.http.bindHost=127.0.0.1

elasticsearch.http.publishHost=localhost

Note: If you are running 5.13 or lower, please upgrade to a more recent Elvis version.

Safely accessing ports by using an ssh tunnel

To safely access ports 80, 9100 or 9200 by using an ssh tunnel, run the following command.

For example to create an SSH tunnel to an AWS EC2 machine running Elvis:

ssh -L 9200:localhost:9200 -N ec2-user@10.20.50.190

For Elvis 5.0 – 5.13

  • http serverPort: 80
  • https serverPort: 443
  • Hazelcast1: 5701 – 5801 2
  • Elasticsearch3: 9200 – 9300, 9300 – 9400

1 Hazelcast is used for the communication between the nodes in the Elvis cluster.

2 For Hazelcast and Elasticsearch not all 100 available ports in the specified ranges will be used.

3 Elasticsearch is the search engine that takes care of searching and indexing in Elvis.

Document history

  • 17 January 2017: Added section 'Securing Elasticsearch ports'.
  • 16 January 2017: Updated the 'Important' note by adding port 80 and port 9100.
  • 16 January 2017: Updated the 'Important' note by adding that opening ports internally for Hazelcast and Elasticsearch is also a security risk.
  • 22 December 2016: Added note about using TCP as the protocol to use.
Was this article helpful?
1 out of 1 found this helpful / Created: / Updated:
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.