On Wed, Feb 22, 2012 at 1:37 PM, David Weintraub <qazw...@gmail.com> wrote:
> Our new Jenkins server has had all of its ports locked down. I mean
> practically every single one. I had to create a ticket to our techs to
> open the required ports.
>
> Unfortunately, I'm not 100% sure what I should ask for. I bet other
> people have been in this position too. So, what ports would you
> recommend must remain open on a Jenkins server. Here's a few I listed:
>
> Port 8080 and 8001: These are the default ports Jenkins uses. The 8001
> is a control port.
> Port 2368: Subversion's svnserve port. We normally use http:, but it's
> nice to have the option. I can use svnserve with different permissions
> than httpd. and it's a bit faster.
>
> Port 25: SMTP Mail Server
>
> Ports 53, 389, 636, 2368, and 2369: These are required for Active
> Directory (maybe others might be required too). If you can't use
> Active Directory, you might be able to use LDAP over port 389 or port
> 2368, or LDAPS over 636 or 2369.
>
> Port 123: This is for the Network Time Protocol (NTP). Useful to sync
> the clocks between Jenkins, your users, and the source repositories.
>
> Port 4560: Used by Log4J
>
> Port: 8000-8999: For future services. Maybe Sventon, JNLP used by
> Jenkins for slave control, etc.
>
> Any other ports you feel might be important? For example, maybe I
> should have something for a SQL database.
I always run it via apache's ajp proxy (as /jenkins) so you only need
port 80 open from most locations and it can co-exist with other web
services on that port. If it is a linux box, you'll want port 22 for
ssh but maybe that goes without saying. And ssh outbound to the
slaves if you start them that way.
--
Les Mikesell
lesmikes...@gmail.com
