Confirming Server Network of the FineReport Project

  • Last update: 2025-02-27

    • Overview

    This document describes ports to be used by components of FineReport projects deployed via FineOps and server ports to be opened.

    iconNote:
    For instructions on port occupancy inspection and firewall configuration, see Port Occupancy Inspection and Firewall Configuration.

    Port Occupancy

    An O&M project includes many components, and some of them require port mapping to the server, occupying server ports for operation.

    Before deployment, ensure the port to be mapped automatically (default port) is not in use. If it is already in use, use a free port.

    Standalone

    iconNote:

    1. Ensure the configuration of ports on the main application server meets requirements if you have not prepared a component server.

    2. Ensure the port number of the ops_agent component on all servers is the same if you have prepared multiple servers.

    ServerComponentDefault PortDescription
    Main application serverfr8080Project-occupied port
    12100Port for the crash handling tool
    ops_agent9070Component-occupied port
    filebeat/
    		No ports occupied
    Component servernginx

    80

    Component-occupied port

    iconNote:
    Non-root users cannot use ports below 1024. Prepare another port if you use a non-root user for deployment.
    mysql3306Component-occupied port
    elasticsearch9200Component-occupied port
    ops_agent9070Component-occupied port
    iconNote:
    When opting for custom ports instead of the default ones listed in the table above, steer clear of the following ports.
    TypeReason
    Ports not available to non-root users

    If using a non-root user for installation, do not use ports below 1024.

    In a Linux environment, non-root users can only use ports 1024 and above.

    Ports deemed insecure by Google ChromeGoogle Chrome identifies the following ports as insecure ports with potential security threats. 

    Do not use the following ports, as doing so will prevent Google Chrome from accessing FineOps. 

    1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 69, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 137, 139, 143, 161, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 548, 554, 556, 563, 587, 601, 636, 989, 990, 993, 995, 1719, 1720, 1723, 2049, 3659, 4045, 5061, 6000, 6566, 6665, 6666, 6667, 6668, 6669, 6697, and 10080

    iconNote:
    Given Google Chrome's ongoing updates, the insecure port list may be updated. For the latest port information, see the official document of Google Chrome.

    Cluster

    iconNote:

    1. Each main application server is deployed with relevant components. You must check the port configuration of each main application server and ensure port consistency.

    2. If you have prepared multiple component servers, ensure the port configuration of all component servers is consistent and meets the requirements since the components are randomly assigned during installation.

    2. Ensure the port number of the ops_agent component on all servers is the same.

    ServerComponentDefault Port

    Description

    Main application serverfr

    8080

    		Project-occupied port
    12100Port for the crash handling tool

    7800

    7830

    7840

    7850

    7870

    		Port for TCP communication in the cluster
    ops_agent9070Component-occupied port
    filebeat/No ports occupied
    Component servernginx

    80

    Component-occupied port

    iconNote:
    Non-root users cannot use ports below 1024. Prepare another port if you use a non-root user for deployment.
    redis6379Component-occupied port
    mysql3306Component-occupied port
    minio

    9000

    9006

    		Port occupied by the client and the server
    elasticsearch9200Component-occupied port
    ops_agent9070
    		Component-occupied port

    iconNote:

    When opting for custom ports instead of the default ones listed in the table above, steer clear of the following ports. 

    TypeReason
    Ports not available to non-root users

    If using a non-root user for installation, do not use ports below 1024.

    In a Linux environment, non-root users can only use ports 1024 and above.

    Ports deemed insecure by Google ChromeGoogle Chrome identifies the following ports as insecure ports with potential security threats. 

    Do not use the following ports, as doing so will prevent Google Chrome from accessing FineOps. 

    1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 69, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 137, 139, 143, 161, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 548, 554, 556, 563, 587, 601, 636, 989, 990, 993, 995, 1719, 1720, 1723, 2049, 3659, 4045, 5061, 6000, 6566, 6665, 6666, 6667, 6668, 6669, 6697, and 10080

    iconNote:
    Given Google Chrome's ongoing updates, the insecure port list may be updated. For the latest port information, see the official document of Google Chrome.

    Networking

    To ensure normal access to O&M projects and smooth deployment and monitoring of O&M projects via FineOps, certain server ports must be opened for use.

    Extranet and FineOps

    Description
    		Extranet
    		RelationFineOps
    For the admin to access FineOps

    O&M personnel 

    (unlimited IP address)

    		Access ->

    FineOps nginx 

    • FineOps not configured with SSL: 80

    • FineOps configured with SSL: 443

    For reading or writing dataBusiness database<- Access ->

    FineOps nginx 

    • FineOps not configured with SSL: 80

    • FineOps configured with SSL: 443

    For FineOps to pull images from the cloud repository

    FanRuan cloud image repository

    		<- Access

    registry: 5000

    O&M Project

    Ensure the ports mentioned in the "Port Occupancy" section are interconnected.

    FineOps and O&M Project

    Description
    		FineOps
    		RelationO&M Project
    Basic O&MFineOps nginx

    • FineOps deployed by a root user: 80

    • FineOps deployed by a non-root user: 8090

    • FineOps configured with SSL: 443

    		<- Access

    Each application node of the project: 8080

    Transmitting the server and component indicator information of the project to FineOpsFineOps nginx

    • FineOps deployed by a root user: 80

    • FineOps deployed by a non-root user: 8090

    • FineOps configured with SSL: 443

    		<- Access

    The ops-agent component on every server of this project (on project nodes and cluster component nodes): 9070

    Tracing

    FineOps skywalking_oap:

    11800 and 12800

    		<- Access

    Each application node of the project: 8080

    Tracing

    FineOps skywalking_oap:

    11800 and 12800

    		<- Access

    FineOps nginx

    • FineOps not configured with SSL: 80

    • FineOps configured with SSL: 443

    Pulling components from the image repository of FineOps for project deploymentregistry: 5000<- Access

    The project node and the cluster component node on every server

    Attachment List


    Theme: FanRuan Project Deployment
    Previous
    Next
    • Helpful
    • Not helpful
    • Only read
    中文(繁體) 中文(简体)
    English