A newer version of this documentation is available.

View Latest

Network and Firewall Requirements

    +
    Couchbase Server uses a variety of network ports for communication between server components and with the clients that access the data stored in the Couchbase Server cluster.

    The ports listed below must be open on each host for Couchbase Server to operate correctly. In addition, certain ports must be available (i.e., not blocked by a firewall or other such mechanism) between each node of a cluster, between nodes of multiple clusters connected via XDCR, between application servers and nodes, and for administrative access.

    If any port numbers are already in use by other running applications, Couchbase Server will not function properly and may fail to start.

    The following is a list of port numbers grouped by category of communication path:

    Node-local: Only connected to over localhost, needs to be open on the node but not available externally.

    11213, 9119, 9998

    Node-to-node: Between all nodes within a single cluster.

    4369, 8091-8096, 9100-9105, 9110-9118, 9120-9122, 9999, 11209, 11210, 21100-21299

    Client-to-node: Between any clients/app-servers/SDKs and all nodes of each cluster they require access to.

    Unencrypted*: 8091-8096, 11210, 11211

    Encrypted: 18091-18096†††, 11207

    Cluster administration: Administration traffic via the REST API, command-line, and Web UI.

    Unencrypted*: 8091

    Encrypted: 18091

    Note: certain support/diagnostic requests may run against ports other than 8091. These are expected to execute locally on a node and so do not require external access.

    XDCR: Between all source and destination nodes of an XDCR replication stream.

    v1 (CAPI)

    8091, 8092

    v2 (XMEM)

    Unencrypted*: 8091, 8092, 11210

    Encrypted: 8091, 11207, 18091, 18092

    • If enforcing encryption (SSL/TLS), these ports may be blocked outside of a Couchbase Server cluster but need to remain open between nodes.

    The following table provides more description:

    Port Name Default Port Number Un / Encrypted Description Node-to-node Client-to-Node Cluster admin XDCR v1 (CAPI) XDCR v2 (XMEM)

    epmd port

    4369

    Erlang Port Mapper Daemon

    Yes

    No

    No

    No

    No

    rest_port / ssl_rest_port

    8091 / 18091

    REST/HTTP including Web UI

    Yes

    Yes

    Yes

    Yes

    Yes

    capi_port / ssl_capi_port

    8092 / 18092

    Views and XDCR access

    Yes

    Yes

    No

    Yes

    Yes

    query_port / ssl_query_port

    8093 / 18093

    Query service REST/HTTP traffic

    Yes

    Yes

    No

    No

    No

    fts_http_port / fts_ssl_port

    8094 / 18094

    Search service REST/HTTP traffic

    Yes

    Yes

    No

    No

    No

    cbas_http_port / cbas_ssl_port

    8095 / 18095†††

    Analytics service REST/HTTP traffic

    No

    Yes

    No

    No

    No

    eventing_http_port/ eventing_ssl_port

    8096 / 18096

    Eventing service REST/HTTP traffic

    No

    Yes

    No

    No

    No

    debugPort†††††

    9140

    Port for Eventing Debugger

    No

    Yes

    No

    No

    No

    indexer_admin_port

    9100

    Indexer service

    Yes

    No

    No

    No

    No

    indexer_scan_port

    9101

    Indexer service

    Yes

    No

    No

    No

    No

    indexer_http_port

    9102

    Indexer service

    Yes

    No

    No

    No

    No

    indexer_stinit_port

    9103

    Indexer service

    Yes

    No

    No

    No

    No

    indexer_stcatchup_port

    9104

    Indexer service

    Yes

    No

    No

    No

    No

    indexer_stmaint_port

    9105

    Indexer service

    Yes

    No

    No

    No

    No

    cbas_admin_port

    9110

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_cc_http_port

    9111

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_cc_cluster_port

    9112

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_cc_client_port

    9113

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_console_port

    9114

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_cluster_port††††

    9115

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_data_port

    9116

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_result_port

    9117

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_messaging_port

    9118

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_auth_port

    9119

    Analytics service

    No

    No

    No

    No

    No

    cbas_replication_port

    9120

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_metadata_port

    9121

    Analytics service

    Yes

    No

    No

    No

    No

    cbas_metadata_callback_port

    9122

    Analytics service

    Yes

    No

    No

    No

    No

    xdcr_rest_port

    9998

    XDCR REST port

    No

    No

    No

    No

    No

    projector_port

    9999

    Indexer service

    Yes

    No

    No

    No

    No

    memcached_dedicated_port

    11209

    Data Service

    Yes

    No

    No

    No

    No

    memcached_port / memcached_ssl_port

    11210 / 11207

    Data Service

    Yes

    Yes

    No

    No

    Yes

    moxi_port††

    11211

    Moxi port

    No

    Yes

    No

    No

    No

    moxi_port_internal††

    11213

    Moxi port

    No

    No

    No

    No

    No

    Internal data ports

    21100 to 21299 (inclusive)

    Node data exchange.

    Yes

    No

    No

    No

    No

    † Cannot be remapped

    †† Cannot be remapped. Deprecated in 5.0 and will be removed in a subsequent release. Consider using client-side Moxi instead.

    ††† Analytics SSL port not currently used; reserved for future use.

    †††† In 5.5 Beta build, this port was named cbas_hyracks_console_port.

    ††††† The Eventing debugger port, debugPort, is an internal port and is not supported for external access outside of the cluster. Ensure to use this port only in your developer environments.

    Custom Port Mapping

    Changing the port mappings will require a reset and reconfiguration of any Couchbase Server node.

    Setting up Couchbase Server with Custom Ports

    1. Install Couchbase Server (If already running, stop it.)

    2. Add the new user-defined ports to the /opt/couchbase/etc/couchbase/static_config file (this will be at wherever you put <path to> /couchbase/etc/couchbase/static_config for multiple node installations).

      • For example, to change the REST API port from 8091 to 9000, add this line:

        {rest_port, 9000}
      • Any ports not listed will be assigned their defaults as listed above

    3. (Optional) CAPI port (default 8092) can be edited in the /opt/couchbase/etc/couchdb/default.d/capi.ini file by replacing 8092 with the new port number.

    4. If Couchbase Server was previously configured, delete the opt/couchbase/var/lib/couchbase/config/config.dat file to remove the old configuration.

    5. Start Couchbase Server.