Couchbase Server Ports

    +
    Couchbase Server uses multiple TCP ports to facilitate communication between server components, as well as with Couchbase clients. These ports must be open for Couchbase Server to operate correctly.

    Ports Overview

    This page describes the TCP ports that are used by Couchbase Server for network communication. Some ports, such as those used for cluster management, are required to be open on every node because they are essential to how Couchbase Server communicates with itself. Other ports are used by individual Couchbase Services, and are only required to be open on the nodes where those services are running.

    Couchbase Server uses a default set of port numbers for all ports that it requires. The Couchbase Cluster Manager on each node is responsible for port management, and will open and close these ports on the host as necessary, as well as automatically switch to using encrypted ports if the cluster is configured to use TLS. Most port numbers can be remapped to fit the requirements of your network environment, but some port numbers cannot be changed.

    If other software on the same host is using any of the ports that are required by Couchbase Server, then Couchbase Server will not function properly and may fail to start. Refer to Port Availability below.

    Ephemeral Ports

    An ephemeral port is one temporarily allocated by a server’s operating system, as the source for an outgoing communication. Each operating system provides a default range of port numbers that can be assigned to ephemeral ports, when necessary. For Linux distributions, the typical range is 32768-61000. Couchbase Server relies on the full default range provided by each operating system: therefore, the default range should not be reduced by the administrator; since the resulting lack of ephemeral ports may result in outgoing communications using well-known ports instead (for example, 8091); thereby preventing Couchbase-Server processes from binding to the well-known ports to which they are assigned.

    Couchbase Server Communication Paths

    Couchbase Server components and services connect to each port over one or more communication paths. These paths are defined as:

    • Node-local: A Couchbase service running on a node connects to the port on localhost, and communication happens entirely within the node itself.

    • Node-to-node: A Couchbase service connects to the port on other nodes in the cluster.

    • Client-to-node: A Couchbase client, such as an application using the Couchbase SDK, connects to the port on the node that it requires access to.

    • XDCR (cluster-to-cluster): A source node connects to the port on a destination node of another cluster as part of an XDCR replication stream. (This is very similar to the client-to-node communication path.)

      There are two versions of XDCR that each use their own protocol: Version 1 (CAPI), which uses the REST protocol, and Version 2 (XMEM), which uses the Memcached Binary protocol. The default is Version 2, and it should be noted that each version requires a different set of ports. Refer to XDCR Advanced Settings for more information about XDCR versions.

    Each communication path used by a required port must remain open and unblocked by firewalls or other such mechanisms.

    Port Availability

    The following services will not start if they cannot listen on all required ports:

    • Cluster Management (ns-server)

    • Data Service (KV Engine)

    • Query Service

    • Index Service

    • Search Service

    • Eventing Service

    • Analytics Service

    Each service attempts to bind to its required ports using the IP address family that the Couchbase Server cluster is configured to use. So, if the Couchbase Server cluster is configured to use IPv6, each service attempts to bind to its required ports using IPv6. Similarly, if the Couchbase Server cluster is configured to use IPv4, each service attempts to bind to its required ports using IPv4. If a service can’t bind to the required ports using the configured IP address family, that service will not start.

    Refer to Table 2 for a list of the ports required by each service.

    Ports Listed by Communication Path

    Table 1 lists all port numbers grouped by category of communication path.

    Table 1. All Couchbase Server Ports, Listed by Communication Path
    Communication Path Default Ports

    Node-local only

    Unencrypted: 9119, 9998, 11213, 21200, 21300

    Encrypted: 21250, 21350

    Node-to-node

    Unencrypted: 4369, 8091-8094, 9100-9105, 9110-9118, 9120-9122, 9130, 9999, 11209-11210, 21100

    Encrypted: 11207, 18091-18094, 19130, 21150

    Client-to-node

    Unencrypted: 8091-8096, 9140 [1], 11210, 11211

    Encrypted: 11207, 18091-18096 [2]

    XDCR (cluster-to-cluster)

    • Version 1 (CAPI)

      • Unencrypted: 8091, 8092

    • Version 2 (XMEM)

      • Unencrypted: 8091, 8092, 11210

      • Encrypted: 11207, 18091, 18092

    If enforcing TLS encryption, these ports may be blocked outside of a Couchbase Server cluster but need to remain open between nodes.
    Certain support and diagnostic requests may run against ports other than the administration port (8091). These are expected to execute locally on a node and so do not require external access.

    Detailed Port Description

    Table 2 contains a detailed description of each port used by Couchbase Server.

    Table 2. All Couchbase Server Ports, Listed by Service
    Port name Default port number
    (un / encrypted)
    Description Node-to-node Client-to-node XDCR (cluster-to-cluster)

    epmd [3]

    4369

    Erlang Port Mapper Daemon

    Yes

    No

    No

    rest_port / ssl_rest_port

    8091 / 18091

    Cluster administration REST/HTTP traffic, including Couchbase Web Console

    Yes

    Yes

    Version 1 & 2

    capi_port / ssl_capi_port

    8092 / 18092

    Views and XDCR access

    Yes

    Yes

    Version 1 & 2

    query_port / ssl_query_port

    8093 / 18093

    Query service REST/HTTP traffic

    Yes

    Yes

    No

    fts_http_port / fts_ssl_port

    8094 / 18094

    Search Service REST/HTTP traffic

    No

    Yes

    No

    cbas_http_port / cbas_ssl_port [2]

    8095 / 18095

    Analytics service REST/HTTP traffic

    No

    Yes

    No

    eventing_http_port / eventing_ssl_port

    8096 / 18096

    Eventing service REST/HTTP traffic

    No

    Yes

    No

    indexer_admin_port

    9100

    Indexer service

    Yes

    No

    No

    indexer_scan_port

    9101

    Indexer service

    Yes

    No

    No

    indexer_http_port

    9102

    Indexer service

    Yes

    No

    No

    indexer_stinit_port

    9103

    Indexer service

    Yes

    No

    No

    indexer_stcatchup_port

    9104

    Indexer service

    Yes

    No

    No

    indexer_stmaint_port

    9105

    Indexer service

    Yes

    No

    No

    cbas_admin_port

    9110

    Analytics service

    Yes

    No

    No

    cbas_cc_http_port

    9111

    Analytics service

    Yes

    No

    No

    cbas_cc_cluster_port

    9112

    Analytics service

    Yes

    No

    No

    cbas_cc_client_port

    9113

    Analytics service

    Yes

    No

    No

    cbas_console_port

    9114

    Analytics service

    Yes

    No

    No

    cbas_cluster_port

    9115

    Analytics service

    Yes

    No

    No

    cbas_data_port

    9116

    Analytics service

    Yes

    No

    No

    cbas_result_port

    9117

    Analytics service

    Yes

    No

    No

    cbas_messaging_port

    9118

    Analytics service

    Yes

    No

    No

    cbas_auth_port

    9119

    Analytics service

    (node-local only)

    No

    No

    No

    cbas_replication_port

    9120

    Analytics service

    Yes

    No

    No

    cbas_metadata_port

    9121

    Analytics service

    Yes

    No

    No

    cbas_metadata_callback_port

    9122

    Analytics service

    Yes

    No

    No

    fts_grpc_port / fts_grpc_ssl_port

    9130 / 19130

    Search Service gRPC port used for scatter-gather operations between FTS nodes

    Yes

    No

    No

    eventing_debug_port [1]

    9140

    Eventing Service Debugger

    No

    Yes

    No

    xdcr_rest_port

    9998

    XDCR REST port

    (node-local only)

    No

    No

    No

    projector_port

    9999

    Indexer service

    Yes

    No

    No

    memcached_dedicated_port

    11209

    Data Service

    Yes

    No

    No

    memcached_port / memcached_ssl_port

    11210 / 11207

    Data Service

    Yes

    Yes

    Version 2

    Cluster Management Exchange

    21100 / 21150

    Cluster management traffic and communication

    Yes

    No

    No

    Cluster Management Exchange

    21200 / 21250

    Cluster management traffic and communication

    (node-local only)

    No

    No

    No

    Cluster Management Exchange

    21300 / 21350

    Cluster management traffic and communication

    (node-local only)

    No

    No

    No

    Custom Port Mapping

    Most, but not all, port numbers used by Couchbase Server can be remapped from their defaults to fit the requirements of your network environment. Refer to Table 2 for details about default ports and whether or not they can be remapped.

    Changing the port mappings will require a reset and reconfiguration of any Couchbase Server node.

    Changing port mappings should only be done at the time of initial node/cluster setup as the required reset and reconfiguration will also purge all data on the node.
    To Change Port Mapping
    1. Install Couchbase Server.

    2. Stop the Couchbase Server service.

    3. For most ports, you’ll need to edit the Couchbase Server static_config file. (This will be wherever you put the path to /couchbase/etc/couchbase/static_config in multi-node installations.)

      vi /opt/couchbase/etc/couchbase/static_config

      If you’re remapping the CAPI port (8092 / 18092) you’ll need to edit the /opt/couchbase/etc/couchdb/default.d/capi.ini file and replace 8092 with the new port number.

    4. Add each custom port map entry on its own line, using the following format (enclosed in braces and terminated by a period):

      {port-name, port-number}.

      For example, to change the REST API port from 8091 to 9000, you would add the following line:

      {rest_port, 9000}.

      Once you’ve added all of your custom port mappings, save the file and close your text editor.

    5. If Couchbase Server was previously configured, you’ll need to delete the /opt/couchbase/var/lib/couchbase/config/config.dat file to remove the old configuration.

      rm -rf /opt/couchbase/var/lib/couchbase/config/config.dat
    6. Start Couchbase Server.

    Any ports not given a custom mapping in the static_config file will continue to be assigned their defaults, which are listed in Table 2.


    1. The Eventing Service Debugger port eventing_debug_port (9140) is an internal port and is not supported for external access outside of the cluster. You should only use this port in your development environments.
    2. The Analytics Service encrypted port (18095) is not currently used, but is reserved for future use.
    3. This port cannot be remapped.