Port Numbers in JIRA

Navadeep July 10, 2017

#######################################

[root@jiraapp01 abc012]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eno16780032
sources:
services: dhcpv6-client http https ssh
ports: 8090/tcp 8443/tcp 8005/tcp 8080/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
#######################################

Any other ports need to be open ? Like SMTP for email communications
Port 80 ?

Thanks,
Nav

1 comment

Comment

Log in or Sign up to comment
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
July 10, 2017

Incoming ports only need to have the port you want users to access JIRA on.

Outgoing - depends on what you want to connect JIRA to - SMTP, IMAP, POP, other Atlassian stuff like Hipchat, Bitbucket or Confluence etc.  They all run on other ports, so you'll be needing to allow JIRA to go out over them

Navadeep July 10, 2017

Thank you Nic, We have JIRA and Confluence Applications here in our company. We are planning for JIRA/Confluence Migration/Upgrade. Is port 80 necessary to be open ? 

 

Thanks,

Nav

Navadeep July 10, 2017

Is there any way to find from the JIRA application UI to find what all ports are open ?

Thanks,

Nav

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
July 10, 2017

It depends on what port you choose to run it on.  The default is 8080, but a lot of us relocate it.  Often with proxy throwing it over to a standard port, so the users and urls aren't required to give the port every time (As an example, almost all browsers assume port 80 if you use http in the urls, and port 443 if it's https)

The JIRA application doesn't expose it, but if you are using a non-standard port, it will be in the base url.

Navadeep July 10, 2017

Great !! Thanks Nic. 

How can I find out which firewall ports need to be  open while migrating/upgrading the JIRA to the target PROD environment.

Do I need to give the below information to Firewall team and let them know to keep all these below things as same.. ? 

For ex. If we have JIRA application interacting with BitBucket there  should be a firewall port opened between these both ?

Please suggest.

Also, when I checked my current production server of JIRA using the below command.

iptables -nL
======== 
I got below output(Attached the screenshot)

Thanks,
Nav

Navadeep July 10, 2017


ACCEPT all -- 147.144.20.234 147.144.20.234
ACCEPT all -- 147.144.20.234 127.0.0.1
ACCEPT all -- 127.0.0.1 127.0.0.1
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
OverrideIN all -- 0.0.0.0/0 0.0.0.0/0
WebserverIN all -- 0.0.0.0/0 0.0.0.0/0
SystemDefaultIN all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
ossecIN all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 147.144.20.234 147.144.20.234
ACCEPT all -- 147.140.20.214 127.0.0.1
ACCEPT all -- 127.0.0.1 127.0.0.1
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
OverrideOUT all -- 0.0.0.0/0 0.0.0.0/0
WebserverOUT all -- 0.0.0.0/0 0.0.0.0/0
SystemDefaultOUT all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
ossecOUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OverrideIN (1 references)
target prot opt source destination
ACCEPT tcp -- 147.140.20.41 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 10.184.22.39 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0 0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT all -- 147.140.20.172 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8090
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT all -- 147.140.45.235 0.0.0.0/0
ACCEPT tcp -- 10.187.12.129 0.0.0.0/0 tcp dpt:8443
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:161
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:161
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:161
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:161
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:161

Chain OverrideOUT (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 147.140.45

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
July 10, 2017

>How can I find out which firewall ports need to be  open 

Assuming you want to use the systems raw, on their current ports (which means your users will be using urls with ports named in them, like https://ourjira.ourcompany:8080 ), then, while the applications are running a simple

netstat -plant

will list all open listening ports on a server.

Navadeep July 11, 2017

Thank you Nic. That was helpful

TAGS
AUG Leaders

Atlassian Community Events