This article describes the network ports that can be used by Assets Server.
Important: A cluster of Assets Server nodes requires port 5701 and 9300 to be opened to support proper cluster communication. This cluster of nodes should be considered private and should run behind a firewall or load balancer in which you typically only open port 80 or 443 (for communication with Assets Server using https). All users of the cluster (both internal and external) should connect through the firewall or load balancer.
Note that Hazelcast and Elasticsearch are not secured, meaning that opening up port 9100, 9200, 9300 or 5701 (towards the Internet or internal network) is a security risk.
Be sure therefore to properly protect your machine or cluster before installing Assets Server.
- HTTP serverPort: 80
- HTTPS serverPort: 443
- Hazelcast: 5701
- Elasticsearch: 9200, 9300
- Assets Server Health API: 9100
Safely accessing ports by using an ssh tunnel
To safely access ports 80, 9100 or 9200 by using an ssh tunnel, run the following command.
For example to create an SSH tunnel to an AWS EC2 machine running Assets Server:
ssh -L 9200:localhost:9200 -N firstname.lastname@example.org