Network and Firewall Requirements

Couchbase Server uses a variety of network ports for communication between server components and with the clients that access the data stored in the Couchbase Server cluster.

The ports listed below must be open on each host for Couchbase Server to operate correctly. In addition, certain ports must be available (i.e., not blocked by a firewall or other such mechanism) between each node of a cluster, between nodes of multiple clusters connected via XDCR, between application servers and nodes, and for administrative access.

If any port numbers are already in use by other running applications, Couchbase Server will not function properly and may fail to start.

The following is a list of port numbers grouped by category of communication path:

Node-local: Only connected to over localhost, needs to be open on the node but not available externally.

11213, 9119, 9998

Node-to-node: Between all nodes within a single cluster.

4369, 8091-8096, 9100-9105, 9110-9118, 9120-9122, 9999, 11209, 11210, 18094, 21100-21299

Client-to-node: Between any clients/app-servers/SDKs and all nodes of each cluster they require access to.

Unencrypted*: 8091-8096, 11210, 11211

Encrypted: 18091-18096†††, 11207

Cluster administration: Administration traffic via the REST API, command-line, and Web UI.

Unencrypted*: 8091

Encrypted: 18091

Note: certain support/diagnostic requests may run against ports other than 8091. These are expected to execute locally on a node and so do not require external access.

XDCR: Between all source and destination nodes of an XDCR replication stream.

v1 (CAPI)

8091, 8092

v2 (XMEM)

Unencrypted*: 8091, 8092, 11210

Encrypted: 8091, 11207, 18091, 18092

  • If enforcing encryption (SSL/TLS), these ports may be blocked outside of a Couchbase Server cluster but need to remain open between nodes.

The following table provides more description:

Port Name Default Port Number Un / Encrypted Description Node-to-node Client-to-Node Cluster admin XDCR v1 (CAPI) XDCR v2 (XMEM)

epmd port

4369

Erlang Port Mapper Daemon

Yes

No

No

No

No

rest_port / ssl_rest_port

8091 / 18091

REST/HTTP including Web UI

Yes

Yes

Yes

Yes

Yes

capi_port / ssl_capi_port

8092 / 18092

Views and XDCR access

Yes

Yes

No

Yes

Yes

query_port / ssl_query_port

8093 / 18093

Query service REST/HTTP traffic

Yes

Yes

No

No

No

fts_http_port / fts_ssl_port

8094 / 18094

Search service REST/HTTP traffic

Yes

Yes

No

No

No

cbas_http_port / cbas_ssl_port

8095 / 18095†††

Analytics service REST/HTTP traffic

No

Yes

No

No

No

eventing_http_port/ eventing_ssl_port

8096 / 18096

Eventing service REST/HTTP traffic

No

Yes

No

No

No

debugPort†††††

9140

Port for Eventing Debugger

No

Yes

No

No

No

indexer_admin_port

9100

Indexer service

Yes

No

No

No

No

indexer_scan_port

9101

Indexer service

Yes

No

No

No

No

indexer_http_port

9102

Indexer service

Yes

No

No

No

No

indexer_stinit_port

9103

Indexer service

Yes

No

No

No

No

indexer_stcatchup_port

9104

Indexer service

Yes

No

No

No

No

indexer_stmaint_port

9105

Indexer service

Yes

No

No

No

No

cbas_admin_port

9110

Analytics service

Yes

No

No

No

No

cbas_cc_http_port

9111

Analytics service

Yes

No

No

No

No

cbas_cc_cluster_port

9112

Analytics service

Yes

No

No

No

No

cbas_cc_client_port

9113

Analytics service

Yes

No

No

No

No

cbas_console_port

9114

Analytics service

Yes

No

No

No

No

cbas_cluster_port††††

9115

Analytics service

Yes

No

No

No

No

cbas_data_port

9116

Analytics service

Yes

No

No

No

No

cbas_result_port

9117

Analytics service

Yes

No

No

No

No

cbas_messaging_port

9118

Analytics service

Yes

No

No

No

No

cbas_auth_port

9119

Analytics service

No

No

No

No

No

cbas_replication_port

9120

Analytics service

Yes

No

No

No

No

cbas_metadata_port

9121

Analytics service

Yes

No

No

No

No

cbas_metadata_callback_port

9122

Analytics service

Yes

No

No

No

No

xdcr_rest_port

9998

XDCR REST port

No

No

No

No

No

projector_port

9999

Indexer service

Yes

No

No

No

No

memcached_dedicated_port

11209

Data Service

Yes

No

No

No

No

memcached_port / memcached_ssl_port

11210 / 11207

Data Service

Yes

Yes

No

No

Yes

moxi_port††

11211

Moxi port

No

Yes

No

No

No

moxi_port_internal††

11213

Moxi port

No

No

No

No

No

Internal data ports

21100 to 21299 (inclusive)

Node data exchange.

Yes

No

No

No

No

† Cannot be remapped

†† Cannot be remapped. Deprecated in 5.0 and will be removed in a subsequent release. Consider using client-side Moxi instead.

††† Analytics SSL port not currently used; reserved for future use.

†††† In 5.5 Beta build, this port was named cbas_hyracks_console_port.

††††† The Eventing debugger port, debugPort, is an internal port and is not supported for external access outside of the cluster. Ensure to use this port only in your developer environments.

Custom Port Mapping

Changing the port mappings will require a reset and reconfiguration of any Couchbase Server node.

Setting up Couchbase Server with Custom Ports

  1. Install Couchbase Server (If already running, stop it.)

  2. Add the new user-defined ports to the /opt/couchbase/etc/couchbase/static_config file (this will be at wherever you put <path to> /couchbase/etc/couchbase/static_config for multiple node installations).

    • For example, to change the REST API port from 8091 to 9000, add this line:

      {rest_port, 9000}

    • Any ports not listed will be assigned their defaults as listed above

  3. (Optional) CAPI port (default 8092) can be edited in the /opt/couchbase/etc/couchdb/default.d/capi.ini file by replacing 8092 with the new port number.

  4. If Couchbase Server was previously configured, delete the opt/couchbase/var/lib/couchbase/config/config.dat file to remove the old configuration.

  5. Start Couchbase Server.