Security and Firewall
Warning
Chef Automate 4.x will not be available for download before the end of September 2022. We are working on making the upgrade process a seamless experience. Until then, you can download Chef Automate 3.0.49. Please get in touch with support for more information.
The Chef Automate High Availability (HA) cluster requires multiple ports to be open on the frontend and backend servers so that it can operate effectively and reduce network traffic. Below is a breakdown of those ports and which of them must be open for each set of servers.
Ports required for all Machines
Machines | Chef Automate | Chef Infra Server | PostgreSQL | OpenSearch | Bastion |
---|---|---|---|---|---|
Incoming | TCP 22, 9631, 443, 80 | TCP 22, 9631, 443, 80 | TCP 22, 9631, 7432, 5432, 9638 UDP 9638 | TCP 22, 9631, 9200, 9300, 9638, 6432 UDP 9638 | |
Outgoing | TCP 22, 9631, 443, 80 | TCP 22, 9631, 443, 80 | TCP 22, 9631, 7432, 5432, 9638 UDP 9638 | TCP 22, 9631, 9200, 9300, 9638, 6432 UDP 9638 | TCP 22, 9631 |
Note
- A custom SSH port is supported, but the same port must be used across all the machines.
Port usage definitions
Protocol | Port Number | Usage |
---|---|---|
TCP | 22 | SSH to configure services |
TCP | 9631 | Habitat HTTP API |
TCP | 443 | Allows users to reach the UI / API |
TCP | 80 | Optional; allows users to be redirected to 443 |
TCP | 9200 | OpenSearch API HTTPS Access |
TCP | 9300 | Allows an OpenSearch node to distribute data in its cluster |
TCP/UDP | 9638 | Habitat gossip (UDP) |
TCP | 7432 | HAProxy, which redirects to the PostgreSQL leader |
TCP | 6432 | Re-elects the PostgreSQL leader if the current leader is down |
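To keep each node's exposure limited to the tables above, the listeners on a node can be compared with the incoming row for its role. The following is an added example, not part of the Chef documentation: it assumes the input is the text output of `ss -H -tuln`, the role keys (`automate`, `infra_server`, and so on) are hypothetical names chosen here, and the sample output is constructed.

```python
# Incoming ports per role, copied from the "Ports required for all Machines" table.
INCOMING = {
    "automate": {("tcp", 22), ("tcp", 9631), ("tcp", 443), ("tcp", 80)},
    "infra_server": {("tcp", 22), ("tcp", 9631), ("tcp", 443), ("tcp", 80)},
    "postgresql": {("tcp", 22), ("tcp", 9631), ("tcp", 7432), ("tcp", 5432),
                   ("tcp", 9638), ("udp", 9638)},
    "opensearch": {("tcp", 22), ("tcp", 9631), ("tcp", 9200), ("tcp", 9300),
                   ("tcp", 9638), ("tcp", 6432), ("udp", 9638)},
    "bastion": set(),  # the table lists no incoming ports for the bastion
}
OPTIONAL = {("tcp", 80)}  # the page marks port 80 as optional


def exposed_listeners(ss_output):
    """Parse `ss -H -tuln` text into {(proto, port)}, skipping loopback sockets."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if addr.startswith("127.") or addr == "::1" or not port.isdigit():
            continue  # loopback listeners are not reachable from other nodes
        found.add((fields[0], int(port)))
    return found


def audit(role, ss_output):
    """Return (missing, unexpected) relative to the page's incoming table."""
    listening = exposed_listeners(ss_output)
    missing = sorted(INCOMING[role] - OPTIONAL - listening)
    unexpected = sorted(listening - INCOMING[role])
    return missing, unexpected


# Constructed sample for a PostgreSQL node (not captured from a real host).
SAMPLE_PG = """\
tcp   LISTEN 0  128   0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0  128   0.0.0.0:9631     0.0.0.0:*
tcp   LISTEN 0  128   0.0.0.0:9638     0.0.0.0:*
udp   UNCONN 0  0     0.0.0.0:9638     0.0.0.0:*
tcp   LISTEN 0  128   0.0.0.0:5432     0.0.0.0:*
tcp   LISTEN 0  128   127.0.0.1:8125   0.0.0.0:*
tcp   LISTEN 0  128   [::]:9200        [::]:*
"""

if __name__ == "__main__":
    missing, unexpected = audit("postgresql", SAMPLE_PG)
    print("missing:", missing, "| unexpected:", unexpected)
```

A listener reported as unexpected is a candidate for review rather than proof of a misconfiguration, since the tables only cover the ports the HA cluster itself needs.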