Default ports
Port Requirements → across different products
YugabyteDB Anywhere port requirements
For information on port requirements for YugabyteDB Anywhere and universes deployed using YugabyteDB Anywhere, refer to Networking requirements.Client APIs
Application clients connect to the following addresses:
| API | Port | Server | Flag (default) |
|---|---|---|---|
| YSQL | 5433 | YB-TServer | --pgsql_proxy_bind_address 0.0.0.0:5433 |
| YCQL | 9042 | YB-TServer | --cql_proxy_bind_address 0.0.0.0:9042 |
Internode RPC communication
Internode (server-to-server or node-to-node) communication, including xCluster, is managed using RPC calls on the following addresses:
| Server | Port | Flag (default) |
|---|---|---|
| YB-Master | 7100 | --rpc_bind_addresses 0.0.0.0:7100 |
| YB-TServer | 9100 | --rpc_bind_addresses 0.0.0.0:9100 --tserver_master_addrs 0.0.0.0:7100 --server_broadcast_addresses 0.0.0.0:9100 |
To enable login to the machines running these servers, the SSH port 22 should be opened.
xCluster uses the YB-Master port 7100 for the initial communication, and then uses the YB-TServer port 9100 to get data changes.
Port 7000 (to access the admin UI) should also be open to all nodes, as requests made to the Master UI of a non-leader Master are internally redirected to the leader Master's 7000 port.
The YB Controller service manages backup and restore operations. If you are using YB Controller, open the following port on all YugabyteDB nodes:
| Service | Port |
|---|---|
| YB Controller | 18018 |
Admin web server
Admin web server UI can be viewed at the following addresses:
| Server | Port | Flag (default) |
|---|---|---|
| YB-Master | 7000 | --webserver_interface 0.0.0.0 --webserver_port 7000 |
| YB-TServer | 9000 | --webserver_interface 0.0.0.0 --webserver_port 9000 |
For clusters started using yugabyted, the YugabyteDB UI can be viewed at the following address:
| Server | Port | Flag |
|---|---|---|
| YugabyteDB UI | 15433 | --ui (default is true) |
Firewall rules
The following common ports are required for firewall rules:
| Service | Port |
|---|---|
| SSH | 22 |
| HTTP for YugabyteDB Anywhere | 80 |
| HTTP for YugabyteDB Anywhere (alternate) | 8080 |
| HTTPS for YugabyteDB Anywhere | 443 |
| HTTP for Replicated | 8800 |
| Custom SSH port for universe nodes | 54422 |
Firewall changes for CIS hardened images
Running YugabyteDB on CIS hardened RHEL 8 or 9 requires the following changes to the firewall:
#!/bin/bash
sudo dnf repolist
sudo dnf config-manager --set-enabled extras
sudo dnf install -y firewalld
sudo systemctl start firewalld
ports=(5433 9042 7100 9100 18018 9070 7000 9000 12000 13000 15433)
for port in "${ports[@]}"; do
sudo firewall-cmd --zone=public --add-port=${port}/tcp --permanent
done
sudo firewall-cmd --reload
If you have customized any port settings, be sure to replace the port numbers as appropriate.
Prometheus monitoring
YugabyteDB servers expose time series performance metrics in the Prometheus exposition format on multiple HTTP endpoints that have the following structure:
<target>/prometheus-metrics
You can access the Prometheus server on port 9090 of the YugabyteDB Anywhere node, and you can see the list of targets at http://<yugaware-ip>:9090/targets. In particular, note port 9300 for node-level metrics:
| Service | Port |
|---|---|
| Prometheus server for YugabyteDB Anywhere | 9090 |
| Node Exporter | 9300 |
For information on using Prometheus with YugabyteDB, see Observability with Prometheus.
Servers
Use the following targets to monitor YB-TServer and YB-Master server metrics:
| Server | Target |
|---|---|
| YB-Master | <yb-master-address>:7000 |
| YB-TServer | <yb-tserver-address>:9000 |
| YugabyteDB UI | <yb-tserver-address>:15433 |
APIs
Use the following YB-TServer targets for the various API metrics:
| API | Target |
|---|---|
| YSQL | <yb-tserver-address>:13000 |
| YCQL | <yb-tserver-address>:12000 |