Default Product Ports¶
This page describes the default ports that are used for each WSO2 product when the port offset is 0.
Note that it is recommended to disable the HTTP transport in an API Manager production setup. Using the
Bearer token over HTTP is a violation of the OAuth specification and can lead to security vulnerabilities.
The following ports are common to all WSO2 products that provide the given feature. Some features are bundled in the WSO2 Carbon platform itself and therefore are available in all WSO2 products by default.
Management console ports¶
WSO2 products that provide a management console use the following servlet transport ports:
- 9443 - HTTPS servlet transport (the default URL of the management console is https://localhost:9443/carbon)
- 9763 - HTTP servlet transport
LDAP server ports¶
Provided by default in the WSO2 Carbon platform.
- 10389 - Used in WSO2 products that provide an embedded LDAP server
- 8000 - Used to expose the Kerberos key distribution center server
JMX monitoring ports¶
WSO2 Carbon platform uses TCP ports to monitor a running Carbon instance using a JMX client such as JConsole. By default, JMX is enabled in all products. You can disable it by adding the following configuration to
[monitoring.jmx] rmi_server_start = false
- 11111 - RMIRegistry port. Used to monitor Carbon remotely
- 9999 - RMIServer port. Used along with the RMIRegistry port when Carbon is monitored from a JMX client that is behind a firewall
To cluster any running Carbon instance, either one of the following ports must be opened.
- 45564 - Opened if the membership scheme is multicast
- 4000 - Opened if the membership scheme is WKA
Certain ports are randomly opened during server startup. This is due to the specific properties and configurations that become effective when the product is started. Note that the IDs of these random ports will change every time the server is started.
A random TCP port will open at server startup because of the
-Dcom.sun.management.jmxremoteproperty is set in the server startup script. This property is used for the JMX monitoring facility in JVM.
A random UDP port is opened at server startup due to the log4j appender (
SyslogAppender), which is configured in the
WSO2 API Manager ports¶
- 5672 - Used by the internal Message Broker.
- 7611 - Authenticate data published when Thrift data publisher is used for throttling.
- 7612 - Publish analytics to the API Manager Analytics server.
- 7711 - Port for secure transport when Thrift data publisher is used for throttling.
- 7711 +
Port offset of the APIM Analytics Server- Thrift SSL port for secure transport when publishing analytics to the API Manager Analytics server.
- 8280 - Passthrough or NIO HTTP transport
- 8243 - Passthrough or NIO HTTPS transport
- 9611 - Publish data to the Traffic Manager. Required when binary data publisher for throttling.
- 9711 - Authenticate data published to the Traffic Manager. Required when binary data publisher for throttling.
- 10397 - Thrift client and server ports.
- 9099 - Web Socket ports.
- 1886 - Default MQTT port.
WSO2 API Manager Analytics ports¶
- 7712 - Thrift SSL port for secure transport, where the client(gateway) is authenticated to use WSO2 API-M Analytics.
- 7612 - Thrift TCP port where WSO2 API-M Analytics receives events from clients(gateways).
- 7444 - The default port for the Siddhi Store REST API.
- 9444 - MSF4J HTTPS Port used to upload analytics data from WSO2 API Microgateway.
- 9643 - Default port for the Analytics Dashboard Portal.
If you change the default API Manager ports with a port offset, most of its ports will change automatically based on the offset.
Disabling HTTP Transports¶
API Manager has two HTTP transports. See below for instructions on how to disable the following:
- Passthru (API Traffic) Transport
- Servlet (UI Traffic and Admin service access) Transport
Disabling Passthrough Transport¶
Add the following configuration in the
deployment.toml file which resides in the
[transport.passthru_http.listener] enable = false
Disabling Servlet Transport¶
- Open the
Locate the Connector with port 9763 as shown below:
HTTP Transport Receiver
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9763" ... />
Comment out the HTTP connector section.
You need to restart the server for these changes to take effect.