A newer version of this documentation is available.

View Latest

Couchbase Server Ports

    +
    Couchbase Server uses multiple TCP ports to facilitate communication between server components, as well as with Couchbase clients. These ports must be open for Couchbase Server to operate correctly.

    Ports Overview

    This page describes the TCP ports that are used by Couchbase Server for network communication. Some ports, such as those used for cluster management, are required to be open on every node because they are essential to how Couchbase Server communicates with itself. Other ports are used by individual Couchbase Services, and are only required to be open on the nodes where those services are running.

    Couchbase Server uses a default set of port numbers for all ports that it requires. The Couchbase Cluster Manager on each node is responsible for port management, and will open and close these ports on the host as necessary, as well as automatically switch to using encrypted ports if the cluster is configured to use TLS. Most port numbers can be remapped to fit the requirements of your network environment, but some port numbers cannot be changed.

    If other software on the same host is using any of the ports that are required by Couchbase Server, then Couchbase Server will not function properly and may fail to start.

    Ephemeral Ports

    An ephemeral port is one temporarily allocated by a server’s operating system, as the source for an outgoing communication. Each operating system provides a default range of port numbers that can be assigned to ephemeral ports, when necessary. For Linux distributions, the typical range is 32768-61000. Couchbase Server relies on the full default range provided by each operating system: therefore, the default range should not be reduced by the administrator; since the resulting lack of ephemeral ports may result in outgoing communications using well-known ports instead (for example, 8091); thereby preventing Couchbase-Server processes from binding to the well-known ports to which they are assigned.

    To ensure that no numbering-conflicts can occur with Couchbase Server’s well-known ports (as listed below), it is strongly recommended that the range not be extended below its default, lowest number (which is, typically, on Linux, the number 32768). Note that if such conflicts were to occur, essential Couchbase-Server processes might either fail to start, or cease to function properly.

    Couchbase Server Communication Paths

    Couchbase Server components and services connect to each port over one or more communication paths. These paths are defined as:

    • Node-local: A Couchbase service running on a node connects to the port on localhost, and communication happens entirely within the node itself.

    • Node-to-node: A Couchbase service connects to the port on other nodes in the cluster.

    • Client-to-node: A Couchbase client, such as an application using the Couchbase SDK, connects to the port on the node that it requires access to.

    • XDCR (cluster-to-cluster): A source node connects to the port on a destination node of another cluster as part of an XDCR replication stream. (This is very similar to the client-to-node communication path.)

      There are two versions of XDCR that each use their own protocol: Version 1 (CAPI), which uses the REST protocol, and Version 2 (XMEM), which uses the Memcached Binary protocol. The default is Version 2, and it should be noted that each version requires a different set of ports. Refer to XDCR Advanced Settings for more information about XDCR versions.

    Each communication path used by a required port must remain open and unblocked by firewalls or other such mechanisms.

    Ports Listed by Communication Path

    Table 1 lists all port numbers grouped by category of communication path.

    Table 1. All Couchbase Server Ports, Listed by Communication Path
    Communication Path Default Ports

    Node-local only

    9119, 9998, 11213

    Node-to-node

    Unencrypted: 4369, 8091-8094, 9100-9105, 9110-9118, 9120-9122, 9999, 11209-11210, 21100-21299

    Encrypted: 11207, 18091-18094 [1]

    Client-to-node

    Unencrypted: 8091-8096, 9140 [2], 11210, 11211

    Encrypted: 11207, 18091-18096 [3]

    XDCR (cluster-to-cluster)

    • Version 1 (CAPI)

      • Unencrypted: 8091, 8092

    • Version 2 (XMEM)

      • Unencrypted: 8091, 8092, 11210

      • Encrypted: 11207, 18091, 18092

    If enforcing TLS encryption, these ports may be blocked outside of a Couchbase Server cluster but need to remain open between nodes.
    Certain support and diagnostic requests may run against ports other than the administration port (8091). These are expected to execute locally on a node and so do not require external access.

    Detailed Port Description

    Table 2 contains a detailed description of each port used by Couchbase Server.

    Table 2. All Couchbase Server Ports, Listed by Service
    Port name Default port number
    (un / encrypted)
    Description Node-to-node Client-to-node XDCR (cluster-to-cluster)

    epmd [4]

    4369

    Erlang Port Mapper Daemon

    Yes

    No

    No

    rest_port / ssl_rest_port

    8091 / 18091

    Cluster administration REST/HTTP traffic, including Couchbase Web Console

    Yes

    Yes

    Version 1 & 2

    capi_port / ssl_capi_port

    8092 / 18092

    Views and XDCR access

    Yes

    Yes

    Version 1 & 2

    query_port / ssl_query_port

    8093 / 18093

    Query service REST/HTTP traffic

    Yes

    Yes

    No

    fts_http_port / fts_ssl_port

    8094 / 18094

    Search Service REST/HTTP traffic

    Yes [1]

    Yes

    No

    cbas_http_port / cbas_ssl_port [3]

    8095 / 18095

    Analytics service REST/HTTP traffic

    No

    Yes

    No

    eventing_http_port / eventing_ssl_port

    8096 / 18096

    Eventing service REST/HTTP traffic

    No

    Yes

    No

    indexer_admin_port

    9100

    Indexer service

    Yes

    No

    No

    indexer_scan_port

    9101

    Indexer service

    Yes

    No

    No

    indexer_http_port

    9102

    Indexer service

    Yes

    No

    No

    indexer_stinit_port

    9103

    Indexer service

    Yes

    No

    No

    indexer_stcatchup_port

    9104

    Indexer service

    Yes

    No

    No

    indexer_stmaint_port

    9105

    Indexer service

    Yes

    No

    No

    cbas_admin_port

    9110

    Analytics service

    Yes

    No

    No

    cbas_cc_http_port

    9111

    Analytics service

    Yes

    No

    No

    cbas_cc_cluster_port

    9112

    Analytics service

    Yes

    No

    No

    cbas_cc_client_port

    9113

    Analytics service

    Yes

    No

    No

    cbas_console_port

    9114

    Analytics service

    Yes

    No

    No

    cbas_cluster_port

    9115

    Analytics service

    Yes

    No

    No

    cbas_data_port

    9116

    Analytics service

    Yes

    No

    No

    cbas_result_port

    9117

    Analytics service

    Yes

    No

    No

    cbas_messaging_port

    9118

    Analytics service

    Yes

    No

    No

    cbas_auth_port

    9119

    Analytics service

    (node-local only)

    No

    No

    No

    cbas_replication_port

    9120

    Analytics service

    Yes

    No

    No

    cbas_metadata_port

    9121

    Analytics service

    Yes

    No

    No

    cbas_metadata_callback_port

    9122

    Analytics service

    Yes

    No

    No

    debugPort [2]

    9140

    Eventing Service Debugger

    No

    Yes

    No

    xdcr_rest_port

    9998

    XDCR REST port

    (node-local only)

    No

    No

    No

    projector_port

    9999

    Indexer service

    Yes

    No

    No

    memcached_dedicated_port

    11209

    Data Service

    Yes

    No

    No

    memcached_port / memcached_ssl_port

    11210 / 11207

    Data Service

    Yes

    Yes

    Version 2

    moxi_port [4] [5]

    11211

    Moxi port

    No

    Yes

    No

    moxi_port_internal [4] [5]

    11213

    Moxi port

    (node-local only)

    No

    No

    No

    Internal data ports

    21100-21299

    Node data exchange

    Yes

    No

    No

    Custom Port Mapping

    Most, but not all, port numbers used by Couchbase Server can be remapped from their defaults to fit the requirements of your network environment. Refer to Table 2 for details about default ports and whether or not they can be remapped.

    Changing the port mappings will require a reset and reconfiguration of any Couchbase Server node.

    To Change Port Mapping
    1. Install Couchbase Server.

    2. Stop the Couchbase Server service.

    3. For most ports, you’ll need to edit the Couchbase Server static_config file. (This will be wherever you put the path to /couchbase/etc/couchbase/static_config in multi-node installations.)

      vi /opt/couchbase/etc/couchbase/static_config

      If you’re remapping the CAPI port (8092 / 18092) you’ll need to edit the /opt/couchbase/etc/couchdb/default.d/capi.ini file and replace 8092 with the new port number.

    4. Add each custom port map entry on its own line, using the following format:

      {port-name, port-number}

      For example, to change the REST API port from 8091 to 9000, you would add the following line:

      {rest_port, 9000}

      Once you’ve added all of your custom port mappings, save the file and close your text editor.

    5. If Couchbase Server was previously configured, you’ll need to delete the opt/couchbase/var/lib/couchbase/config/config.dat file to remove the old configuration.

      rm -rf opt/couchbase/var/lib/couchbase/config/config.dat
    6. Start Couchbase Server.

    Any ports not given a custom mapping in the static_config file will continue to be assigned their defaults, which are listed in Table 2.


    1. In Couchbase Server 6.0 Enterprise Edition, the Search Service explicitly requires encrypted port 18094 (fts_ssl_port) for scatter-gather operations between nodes that are running the Search Service (even if you’re still using unencrypted port 8094 for client-to-node traffic). The node-to-node traffic uses the HTTP/2 protocol and is encrypted with either the auto-generated certificate from installation, or with a custom node certificate if one has been specified.
    2. The Eventing Service Debugger port (9140, debugPort) is an internal port and is not supported for external access outside of the cluster. You should only use this port in your development environments.
    3. The Analytics Service encrypted port (18095) is not currently used, but is reserved for future use.
    4. This port cannot be remapped.
    5. Support for server-side Moxi was deprecated in version 5.0, and the ability to create a bucket with a Moxi port was removed in version 5.5. Support for port-based buckets will be completely removed in a future release. Attempts to upgrade to a release that doesn’t support port-based buckets will fail during rebalance if a port-based bucket is present in the cluster. Use bucket-edit --remove-bucket-port in the CLI to remove the port from each bucket, and consider using client-side Moxi.