Default Product Ports¶
This page describes the default ports that are used for each WSO2 product when the port offset is 0.
Attention
Note that it is recommended to disable the HTTP transport in an API Manager production setup. Using the Bearer
token over HTTP is a violation of the OAuth specification and can lead to security vulnerabilities.
Common ports¶
The following ports are common to all WSO2 products that provide the given feature. Some features are bundled in the WSO2 Carbon platform itself and therefore are available in all WSO2 products by default.
Management console ports¶
WSO2 products that provide a management console use the following servlet transport ports:
- 9443 - HTTPS servlet transport (the default URL of the management console is https://localhost:9443/carbon)
- 9763 - HTTP servlet transport
LDAP server ports¶
Provided by default in the WSO2 Carbon platform.
- 10389 - Used in WSO2 products that provide an embedded LDAP server
KDC ports¶
- 8000 - Used to expose the Kerberos key distribution center server
JMX monitoring ports¶
WSO2 Carbon platform uses TCP ports to monitor a running Carbon instance using a JMX client such as JConsole. By default, JMX is enabled in all products. You can disable it by adding the following configuration to <PRODUCT_HOME>/repository/conf/deployment.toml
file.
[monitoring.jmx]
rmi_server_start = false
- 11111 - RMIRegistry port. Used to monitor Carbon remotely
- 9999 - RMIServer port. Used along with the RMIRegistry port when Carbon is monitored from a JMX client that is behind a firewall
Clustering ports¶
To cluster any running Carbon instance, either one of the following ports must be opened.
- 45564 - Opened if the membership scheme is multicast
- 4000 - Opened if the membership scheme is WKA
Random ports¶
Certain ports are randomly opened during server startup. This is due to the specific properties and configurations that become effective when the product is started. Note that the IDs of these random ports will change every time the server is started.
-
A random TCP port will open at server startup because of the
-Dcom.sun.management.jmxremote
property is set in the server startup script. This property is used for the JMX monitoring facility in JVM. -
A random UDP port is opened at server startup due to the log4j appender (
SyslogAppender
), which is configured in the<PRODUCT_HOME>/repository/conf/log4j2.properties
file.
WSO2 API Manager ports¶
- 5672 - Used by the internal Message Broker.
- 7611 - TCP port to receive throttling events. Required when Thrift data publisher is used for throttling.
- 7711 - SSL port for secure transport to receive throttling events. Required when Thrift data publisher is used for throttling.
- 8280 - Passthrough or NIO HTTP transport
- 8243 - Passthrough or NIO HTTPS transport
- 9611 - TCP port to receive throttling events. Required when Binary data publisher is used for throttling.
- 9711 - SSL port for secure transport to receive throttling events. Required when Binary data publisher is used for throttling.
- 9099 - Web Socket ports.
WSO2 API Manager Analytics ports¶
- 7612 - TCP port to receive analytics events. Thrift data publisher is used.
- 7712 - SSL port for secure transport to receive analytics events. Thrift data publisher is used.
- 7444 - The default port for the Siddhi Store REST API.
- 9444 - MSF4J HTTPS Port used to upload analytics data from WSO2 API Microgateway.
- 9643 - Default port for the Analytics Dashboard Portal.
Note
If you change the default API Manager ports with a port offset, most of its ports will change automatically based on the offset.
Disabling HTTP Transports¶
API Manager has two HTTP transports. See below for instructions on how to disable the following:
- Passthru (API Traffic) Transport
- Servlet (UI Traffic and Admin service access) Transport
Disabling Passthrough Transport¶
Add the following configuration in the deployment.toml
file which resides in the <API-M_HOME>/repository/conf
directory.
[transport.passthru_http.listener]
enable = false
Disabling Servlet Transport¶
Add the following configuration in the deployment.toml
file that resides in the <API-M_HOME>/repository/conf
directory.
[transport.servlet_http.connector]
enable = false
Note
You need to restart the server for these changes to take effect.