General list of the EXPOSED ports on the instance:
- 22 : To access the instance via SSH from your computer. SSH access to the instance is required for administration and debugging.
- 80 : To access the Terraform Cloud application via HTTP. This port redirects to port 443 for HTTPS.
- 443 : To access the Terraform Cloud application via HTTPS (Nginx - dashboard UI, API endpoints, webhooks, etc.)
- 8800 : To access the installer dashboard (ReplicatedUI dashboard)
Ports that should be available to OTHER members of the cluster (V5) and internally:
- 9870-9880 (inclusive) : For internal communication on the host and its subnet; not publicly accessible.
- 23000-23100 (inclusive) : For internal communication on the host and its subnet; not publicly accessible.
Higher ports and their functions in detail
Please note that the list below is incomplete and may contain minor errors.
|Port or range of ports|Function/Application|
|---|---|
|2003|Graphite (Carbon) feeding port (monitoring, metrics)|
|2004|Graphite (Carbon) feeding port (monitoring, metrics)|
|4150-4151, 4160-4161, 4170-4171|Replicated NSQD (messaging platform-daemon for internal communication)|
|5672|RabbitMQ TFE worker coordination|
|6379|Redis (caching and coordination between web and background workers in the application layer)|
|7586|TFE ingress - pulls in version control system (VCS) data (GitHub, Bitbucket, etc.) and stores it via Archivist|
|7588|TFE State parser|
|7675|TFE Archivist - stores data in object storage, encrypts it via Vault|
|8089|InfluxDB default UDP Service (monitoring, metrics)|
|8125|StatsD (monitoring, metrics)|
|8200|TFE node Vault (built-in) for encrypting practically everything|
|8800|ReplicatedUI (TFE setup Dashboard)|
|9292|Atlas engine (old name of TFE engine)|
|9873|ReplicatedUI retraced engine API (replicated audit subcomponent)|
|9874-9879|ReplicatedUI entry point span|
|23005|TFE Health Check point|
|23020|Nomad (built-in) scheduler (for Sentinel runs)|
|32774-32776|ReplicatedUI internal StatsD ports, then mapped to the standard ports (see 2003/2004 and 8125 above)|
If Terraform Enterprise is installed in online mode, it accesses the following hostnames to get software updates:
Airgapped installs do not check for updates over the network.
Additionally, the following hostnames are accessed unless a custom Terraform bundle is supplied:
- registry.terraform.io (when using Terraform 0.12 and later)
When Cost Estimation is enabled, it uses the respective cloud provider’s APIs to get up-to-date pricing info.
If a firewall is configured on the instance, be sure that traffic can flow out of the docker0 interface to the instance’s primary address.
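As an added example (not part of the original page or of Terraform Enterprise), the following Python script checks the instance's listening TCP sockets against the exposed and internal port lists above. It parses `ss -H -tln` output; the sample input is constructed, and the verdict labels, including `review` for ports that appear in neither list, are assumptions of this example.

```python
import ipaddress

# Port policy taken from the two lists on this page.
EXPOSED = {22, 80, 443, 8800}
INTERNAL_RANGES = [(9870, 9880), (23000, 23100)]

# Constructed sample of `ss -H -tln` output (not captured from a real instance).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 *:8800 *:*
LISTEN 0 4096 [::]:9873 [::]:*
LISTEN 0 4096 0.0.0.0:23020 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8200 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:6379 0.0.0.0:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column, handling [v6]:port and *:port."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)

def is_loopback(host):
    host = host.split("%")[0]  # ss may append an interface, e.g. 127.0.0.53%lo
    return host != "*" and ipaddress.ip_address(host).is_loopback

def classify(host, port):
    # Verdict names are this example's own labels, not Terraform Enterprise terms.
    if is_loopback(host):
        return "local"          # not reachable from other hosts
    if port in EXPOSED:
        return "exposed"        # listed as exposed on this page
    if any(lo <= port <= hi for lo, hi in INTERNAL_RANGES):
        return "internal-only"  # must stay limited to the host and its subnet
    return "review"             # in neither list: confirm it is firewalled

def audit(ss_output):
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        findings.append((port, host, classify(host, port)))
    return sorted(findings)

if __name__ == "__main__":
    for port, host, verdict in audit(SAMPLE_SS):
        print(f"{port:>5}  {host:<10} {verdict}")
```

For any socket reported as `internal-only` or `review` on a non-loopback address, the bind address does not restrict access, so confirm that the host or network firewall limits it as described above.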