KEEP uses four ports which have different purposes and warrant different access/security settings. By dividing KEEP access across more than one port, an administrator can take advantage of access security provided by the operating system and/or firewall.
The ports are specified in config.json
but can be overwritten using environment variables. See the page on configuration for details.
Data PORT (8880)
This is the main port used by KEEP to interact with API users. This port should be exposed to all users and be secured by https, either on KEEP or using a proxy. All access to data requires authentication.
Healthcheck Port (8886)
Healthcheck is to check whether KEEP is up. It’s a standard approach for Docker and Kubernetes environments, so any automated tooling that manages your containers can periodically check and automatically take action if the tool (in this case KEEP) is no longer working. It has a single endpoint, “/health” which responds with information about whether all parts of KEEP are responding - the eventbus, main KEEP server, KEEP management server, KEEP metrics server and access to a Domino database. It has separate security, it’s own username and password. This follows the same approach as the management server, but it’s a completely separate user. None of the users that have access to the rest of KEEP will have access to the healthcheck port, and the healthcheck user will not have access to other areas of KEEP.
Management Port (8889)
The management port allows access to KEEP runtime behavior, such as current config (/config
), runtime info (/info
) or KEEP shutdown/restart. It should not be exposed to normal users but only to the administrator network. A typical configuration is to block access to Port 8889 from anything but localhost
. An administrator who wants to interact with the management port would use an ssh
session to access the server and use curl
to access the management endpoints.
Port for Prometheus metrics (8890)
KEEP provides metrics in Prometheus format on Port 8890. When you don’t collect metrics, block access to this port. When you do collect them, open access to this port to the collecting server(s) only.
Configure for HTTPS access on Port 443
To make all ports accessible on Port 443, an https proxy server (Ingress on Kubernetes) can be used. This documentation provides two examples:
FAQs
The Port Configuration window displays the port configuration and provides access to a window for modifying port configuration. Port configuration values are: Port. Slot and port number for each port installed in the switch (for example, A1 means the first port in slot A).
How to configure server port? ›
In the HTTP Port box, type the port number that the server listens to when communicating through the Hypertext Transfer Protocol. In the HTTPS Port box, type the port number that the server listens to when communicating through the Hypertext Transfer Secure Protocol.
How do I check my port settings? ›
Type “Cmd” in the search box. Open “Command Prompt.” Enter the netstat -a command to see your port numbers.
How do I configure communication ports? ›
Right-click on Communications Port (COM1) and select Properties. In the Properties window, click on the Port Configuration tab and then click on Port Setting. For the Port Number field, use the pull-down menu to select COM2 for your Native COM Port and click OK. Click on the OK button in the Properties window.
How do I assign a port? ›
Assign ports is by assigning a standard port number and use the Server Bind Control function of the PROFILE. TCPIP PORT statement to assign each server to a separate IP address. Use the IP address on the PORT BIND be a VIPA address known to the domain name server (DNS) as a host name that users understand.
How do I make my port secure? ›
Install firewalls on hosts and patch them regularly to prevent hackers from using your ports to access data. Monitor open port vulnerabilities through penetration tests and assessments that allow you to identify which software or devices have opened ports and test all known insecurities.
How do I access my port? ›
While holding the port steady with your non- dominant hand, firmly insert the needle at a 90 degree angle until you feel the end of the needle hit the back of the port. Be careful not to touch the area where the needle will go into the port. D. Carefully release the needle.
How to tell if a port is open on a server? ›
Enter "telnet + IP address or hostname + port number" (e.g., telnet www.synology.com 1723 or telnet 10.17. xxx. xxx 5000) to run the telnet command and test the port status. If the port is open, a message will say Connected to 10.17.
What are the 3 types of port numbers? ›
The port numbers are divided into three ranges: the well-known ports, the registered ports, and the dynamic or private ports.
Should I use port 80 or 8080? ›
In summary, port 80 is the default port for HTTP traffic, while port 8080 is often used as an alternative HTTP port, especially for development and testing purposes or when the standard port 80 is already in use.
By default, port 22 is used to establish an SSH connection. This port is automatically configured during the installation of your operating system. To reduce the number of brute force attacks, you can configure another port for SSH access.
What is serial port configuration? ›
Configuring serial port communications involves specifying values for properties that control the baud rate and the Serial Data Format.