{
  "id": "port-configurations",
  "title": "Network port configurations",
  "url": "https://redis.io/docs/latest/operate/rs/7.8/networking/port-configurations/",
  "summary": "This document describes the various network port ranges and their uses.",
  "content": "\nAll Redis Enterprise Software deployments span multiple physical/virtual nodes. You'll need to keep several ports open between these nodes. This document describes the various port ranges and their uses.\n\n\nWhenever you create a new database, you must verify that the ports assigned to the new database's endpoints are open. The cluster will not perform this verification for you.\n\n\n## Ports and port ranges used by Redis Enterprise Software\n\nRedis Enterprise Software's port usage falls into three general categories:\n\n- Internal: For traffic between or within cluster nodes\n- External: For traffic from client applications or external monitoring resources\n- Active-Active: For traffic to and from clusters hosting Active-Active databases\n\n| Protocol | Port | Configurable | Connection source | Description |\n|----------|------|--------------|-------------------|-------------|\n| TCP | 8001 | \u003cspan title=\"Not configurable\"\u003e\u0026#x274c; No\u003c/span\u003e | Internal, External | Traffic from application to Redis Enterprise Software [Discovery Service]() |\n| TCP | 8070 | \u003cspan title=\"Not configurable\"\u003e\u0026#x274c; No\u003c/span\u003e | External | Metrics exported and managed by the web proxy |\n| TCP | 3347-3349, 8000, 8071, 9091, 9125 | \u003cspan title=\"Not configurable\"\u003e\u0026#x274c; No\u003c/span\u003e | Internal | Internal metrics ports |\n| TCP | 8443 | \u003cspan title=\"Configurable\"\u003e\u0026#x2705; Yes\u003c/span\u003e | Internal, External | Secure (HTTPS) access to the management web UI |\n| TCP | 9081 | \u003cspan title=\"Configurable\"\u003e\u0026#x2705; Yes\u003c/span\u003e | Internal | CRDB coordinator for Active-Active management (internal) |\n| TCP | 9443, 8080 | \u003cspan title=\"Configurable\"\u003e\u0026#x2705; Yes\u003c/span\u003e | Internal, External, Active-Active | REST API traffic, including cluster management and node bootstrap |\n| TCP | 10050 | \u003cspan title=\"Not configurable\"\u003e\u0026#x274c; No\u003c/span\u003e | Internal | Zabbix monitoring |\n| TCP | 10000-10049, 10051-19999 | \u003cspan title=\"Configurable\"\u003e\u0026#x2705; Yes\u003c/span\u003e | Internal, External, Active-Active | Database traffic |\n| UDP | 53, 5353 | \u003cspan title=\"Not configurable\"\u003e\u0026#x274c; No\u003c/span\u003e | Internal, External | DNS/mDNS traffic |\n| TCP | 1968 | \u003cspan title=\"Not configurable\"\u003e\u0026#x274c; No\u003c/span\u003e | Internal | Proxy traffic |\n| TCP | 3333-3345, 3350, 36379 | \u003cspan title=\"Not configurable\"\u003e\u0026#x274c; No\u003c/span\u003e | Internal | Internode communication |\n| TCP | 20000-29999 | \u003cspan title=\"Not configurable\"\u003e\u0026#x274c; No\u003c/span\u003e | Internal | Database shard traffic |\n| TCP | 8002, 8004, 8006 | \u003cspan title=\"Configurable\"\u003e\u0026#x2705; Yes\u003c/span\u003e | Internal | Default system health monitoring (envoy admin, envoy management server, gossip envoy admin)|\n| TCP | 8444, 9080 | \u003cspan title=\"Not configurable\"\u003e\u0026#x274c; No\u003c/span\u003e | Internal | Traffic between web proxy and cnm_http/cm |\n\n## Change port configuration\n\n### Reserve ports\n\nRedis Enterprise Software reserves some ports by default (`system_reserved_ports`). To reserve other ports or port ranges and prevent the cluster from assigning them to database endpoints, configure `reserved_ports` using one of the following methods:\n\n- [rladmin cluster config]()\n\n    ```sh\n    rladmin cluster config reserved_ports \u003clist of ports/port ranges\u003e\n    ```\n\n    For example:\n\n    ```sh\n    rladmin cluster config reserved_ports 11000 13000-13010\n    ```\n\n- [Update cluster settings]() REST API request\n\n    ```sh\n    PUT /v1/cluster\n    { \"reserved_ports\": [\"list of ports/port ranges\"] }\n    ```\n\n    For example:\n\n    ```sh\n    PUT /v1/cluster\n    { \"reserved_ports\": [\"11000\", \"13000-13010\"] }\n    ```\n\n### Change the Cluster Manager UI port\n\nThe Redis Enterprise Software Cluster Manager UI uses port 8443, by default. You can change this to a custom port as long as the new port is not in use by another process.\n\nTo change this port, run:\n\n```sh\nrladmin cluster config cm_port \u003cnew-port\u003e\n```\n\nAfter changing the Redis Enterprise Software web UI port, you must connect any new node added to the cluster to the UI with the custom port number:\n`https://newnode.mycluster.example.com:`**`\u003cnonstandard-port-number\u003e`**\n\n### Change the envoy  ports\n\nFor system health monitoring, Redis uses the following ports by default:\n\n- Port 8002 for envoy admin\n\n- Port 8004 for envoy management server\n\n- Port 8006 for gossip envoy admin\n\nYou can change each envoy port to a custom port using the [`rladmin cluster config`]() command as long as the new port is not in use by another process. When you change `envoy_admin_port`, expect a restart of envoy.\n\nTo change the envoy admin port, run:\n\n```sh\n$ rladmin cluster config envoy_admin_port \u003cnew-port\u003e\nUpdating envoy_admin_port... restarting now\n```\n\nTo change the envoy management server port, run:\n\n```sh\n$ rladmin cluster config envoy_mgmt_server_port \u003cnew-port\u003e\nCluster configured successfully\n```\n\nTo change the gossip envoy admin port, run:\n\n```sh\n$ rladmin cluster config gossip_envoy_admin_port \u003cnew-port\u003e\nCluster configured successfully\n```\n\n### Change the REST API port\n\nFor the REST API, Redis Enterprise Software uses port 9443 (secure) and port 8080 (not secure), by default. You can change this to a custom port as long as the new port is not in use by another process.\n\nTo change these ports, run:\n\n```sh\nrladmin cluster config cnm_http_port \u003cnew-port\u003e\n```\n\n```sh\nrladmin cluster config cnm_https_port \u003cnew-port\u003e\n```\n\n### OS conflicts with port 53\n\n\n\n\n### Update `sysctl.conf` to avoid port collisions\n\n\n\n\n## Configure HTTPS\n\n### Require HTTPS for API endpoints\n\nBy default, the Redis Enterprise Software API supports communication over HTTP and HTTPS. However, you can turn off HTTP support to ensure that API requests are encrypted.\n\nBefore you turn off HTTP support, make sure you migrate any scripts or proxy configurations that use HTTP to the encrypted API endpoint to prevent broken connections.\n\nTo turn off HTTP support for API endpoints, run:\n\n```sh\nrladmin cluster config http_support disabled\n```\n\nAfter you turn off HTTP support, traffic sent to the unencrypted API endpoint is blocked.\n\n\n### HTTP to HTTPS redirection\nStarting with version 6.0.12, you cannot use automatic HTTP to HTTPS redirection.\nTo poll metrics from the `metrics_exporter` or to access the Cluster Manager UI, use HTTPS in your request. HTTP requests won't be automatically redirected to HTTPS for those services. \n\n## Nodes on different VLANs\n\nNodes in the same cluster must reside on the same VLAN. If you can't\nhost the nodes on the same VLAN, then you must open [all ports]() between them.\n",
  "tags": ["docs","operate","rs"],
  "last_updated": "2026-04-01T08:10:08-05:00"
}