FineOps Help

Confirming Server Network of the FineDataLink Project

  • Last update: 2025-03-25

    • Overview

    This document describes ports to be used by components of FineDataLink projects deployed via FineOps and server ports to be opened.

    icon

    Note:


    For instructions on port occupancy inspection and firewall configuration, see Port Occupancy Inspection and Firewall Configuration.

    Port Occupancy

    An O&M project includes many components, and some of them require port mapping to the server, occupying server ports for operation.

    Before deployment, ensure the port to be mapped automatically (default port) is not in use. If it is already in use, use a free port.

    A Single FineDataLink Application

    icon

    Note:

    1. This section outlines the port requirements for deploying the FineDataLink project. Components that require no port mapping to the host machine are not listed in the following table.

    2. Ensure the port number of the OPS Agent component on the FineDataLink application server and the component server (if you have prepared one) is the same.

    ComponentDefault PortDescription
    FineDataLink8068A port for the FineDataLink service
    15500A port for gpfdist
    FanRuan Internal Gateway80
    		A port for the platform service, which is the port used by users to access the project

    If you use a non-root user for deployment, use Port 1024 or above.

    MySQL

    3306

    A port for the configuration service

    Elasticsearch9200A port for the log service
    Kafka9092A component-occupied port
    OPS Agent9070A port for O&M management
    icon

    Note:

    When opting for custom ports instead of the default ones listed in the table above, steer clear of the following ports.
    TypeReason
    Ports not available to non-root users

    If using a non-root user for installation, do not use ports below 1024.

    In a Linux environment, non-root users can only use ports 1024 and above.

    Ports deemed insecure by Google ChromeGoogle Chrome identifies the following ports as insecure ports with potential security threats. 

    Do not use the following ports, as doing so will prevent Google Chrome from accessing FineOps. 

    1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 69, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 137, 139, 143, 161, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 548, 554, 556, 563, 587, 601, 636, 989, 990, 993, 995, 1719, 1720, 1723, 2049, 3659, 4045, 5060, 5061, 6000, 6566, 6665, 6666, 6667, 6668, 6669, 6697, and 10080

    iconNote:
    Given Google Chrome's ongoing updates, the insecure port list may be updated. For the latest port information, see the official document of Google Chrome.

    Multiple FineDataLink Applications

    icon

    Note:


    1. This section outlines the port requirements for deploying the FineDataLink application. Components that require no porting mapping to the host machine are not listed in the following table.

    2. If you have prepared multiple component servers, ensure the port configuration of all component servers is consistent and meets the requirements since the components are randomly assigned during installation.

    3. Ensure the port number of the OPS Agent component on all servers is the same.

    4. If you need to deploy a dual-node internal gateway, ensure you have reserved a port for the FanRuan internal gateway on the main application server.

    ServerComponentDefault Port

    Description

    Each main application serverFineDataLink

    8080

    		A port for the FineDataLink service
    7800A port for TCP communication in the cluster

    7830

    		A port for file synchronization

    7840

    		A versatile port for cluster caching 

    7850

    		A port for database caching
    7870A port for cluster node information management
    15500A port for gpfdist
    OPS Agent9070A port for O&M management
    Component serverFanRuan Internal Gateway

    80

    A port for the platform service, which is the port used by users to access the project

    When you use a non-root user for deployment, use Port 1024 or above.

    Elasticsearch9200A port for the log service
    MySQL3306A port for the configuration service
    Redis6379A port for the state service
    MinIO

    9000

    		A port for the MinIO API and the Web page
    9006A port for accessing the MinIO console
    Kafka9092A component-occupied port
    Nacos8848A port for HTTP-based communication
    9848A port for gRPC communication
    Nacos MySQL3307A service-occupied port
    OPS Agent9070
    		A port for O&M management

    icon

    Note:

    When opting for custom ports instead of the default ones listed in the table above, steer clear of the following ports. 
    TypeReason
    Ports not available to non-root users

    If using a non-root user for installation, do not use ports below 1024.

    In a Linux environment, non-root users can only use ports 1024 and above.

    Ports deemed insecure by Google ChromeGoogle Chrome identifies the following ports as insecure ports with potential security threats. 

    Do not use the following ports, as doing so will prevent Google Chrome from accessing FineOps. 

    1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 69, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 137, 139, 143, 161, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 548, 554, 556, 563, 587, 601, 636, 989, 990, 993, 995, 1719, 1720, 1723, 2049, 3659, 4045, 5060, 5061, 6000, 6566, 6665, 6666, 6667, 6668, 6669, 6697, and 10080

    iconNote:
    Given Google Chrome's ongoing updates, the insecure port list may be updated. For the latest port information, see the official document of Google Chrome.

    Networking

    To ensure normal access to O&M projects and smooth deployment and monitoring of O&M projects via FineOps, certain server ports must be opened for use.

    Extranet and O&M Project

    Description
    		Extranet
    		RelationO&M Project
    For the admin to access O&M Projects

    O&M personnel 

    (unlimited IP address)

    		Access ->

    Nginx of O&M projects

    • Without SSL: 80

    • With SSL: 443

    For reading or writing dataBusiness database<- Access ->

    Nginx of O&M projects

    • Without SSL: 80

    • With SSL: 443

    For pulling images from the cloud repository

    FanRuan cloud image repository

    		<- Access

    Registry: 5000

    O&M Project

    Ensure the ports mentioned in the "Port Occupancy" section are interconnected.

    FineOps and O&M Project

    Description
    		FineOps
    		RelationO&M Project
    Basic O&MFineOps Nginx

    • Deployed by a root user: 80

    • Deployed by a non-root user: 8090

    • With SSL: 443

    		<- Access

    Each application node of the project: 8068

    Transmitting the server and component indicator information of the project to FineOpsFineOps Nginx

    • Deployed by a root user: 80

    • Deployed by a non-root user: 8090

    • With SSL: 443

    		<- Access

    OPS Agent on every server of this project (on project nodes and cluster component nodes): 9070

    Tracing

    FineOps SkyWalking OAP:

    11800 and 12800

    		<- Access

    Each FineDataLink application node of the project: 8068

    Tracing

    FineOps SkyWalking OAP:

    11800 and 12800

    		<- Access

    Nginx of the project

    • Without SSL: 80

    • With SSL: 443

    Pulling components from the image repository of FineOps for project deploymentRegistry: 5000<- Access

    The project node and the cluster component node on every server



    Attachment List


    Theme: FanRuan Project Deployment
    Previous:Confirming Server Configuration of the FineDataLink Project
    Next:Preparing the FineDataLink Mounting Directory
    • Helpful
    • Not helpful
    • Only read
    中文(繁體) 中文(简体)
    English