It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

What is the random port opened by Jira Datacenter used for and what is the range of choices?

We've noticed that JIRA datacenter will always listen on the web traffic port and additionally on 8005, 40001, and a "random" port (we've seen e.g. 44698, 42255, 54267).

What are these ports used for?

What is the range of the ports that might be the "randomly" chosen one?

1 answer

1 accepted

1 vote
Answer accepted
Chris Fuller Atlassian Team Oct 02, 2016

8005 is used as the tomcat control port.  This is the one that commands like use to attempt a graceful shutdown of the application server.  This port is only opened on the loopback interface, so you needn't normally worry about it.

Most of the other ports you are asking about are associated with Java Remote Method Invocation, or RMI.  This allows one JVM to request that another JVM run code on its behalf, but largely hides the networking layer from the consumer, so it looks to the caller like it is invoking the method on any other local object.  Its use was a design decision made by the caching technology we chose to use for JIRA Data Center (JDC), which is called Ehcache

1099, which you did not list, is a control port used for RMI communication.  This is a registry service for RMI services, with a purpose vaguely like DNS.

40001, this is the default port that we suggest using for Ehcache to create its services on.  Each individual cache gets a URL that refers to it and that client can send requests to in order to say things like "Value X was removed from my cache, so you should remove it too".  You may configure this to a different port number if you wish.  (See Installing JIRA Data Center: file parameters for the relevant setting).

The "random" port has to do with RMI's default behaviour for handling incoming requests.  Here is somebody explaining it better than I could.  Specifically, this an RMI server socket used for handling individual requests, and we could create a custom RMIServerSocketFactory to modify the behaviour, but by default the port is left unspecified (0) meaning that a TCP ephemeral port is selected.  This range is operating system-specific and usually tunable with a registry setting (Windows) or kernel parameter (UNIX/Linux).  Of course, since this is a configuration parameter for the entire TCP/IP stack, this has system-wide implications, so it would be "nicer" if we added the extra supporting code necessary to be able to select the port range directly, instead.

@Chris Fuller Thanks for the explanation. We were also curious is the RMI traffic for JIRA Datacenter over SSL?

And also, is the request authenticated such that only other JIRA instances in the same Datacenter cluster may connect?

Chris Fuller Atlassian Team Oct 05, 2016

The answer to both questions is "no".  As documented in the installation instructions here:

and advised on a specific known security threat that results from allowing external access to RMI

you absolutely do need to secure access to the port yourself.  The recommendation is that you ensure the security of the network itself, either by using firewalls or establishing a secure network tunnel (IPSec, etc.)

Note/edit: The "specific InvokerTransformer vulnerability" I referred to is only meant as an example of what can go wrong.  We have done the corresponding update to Apache Collections in

so that specific vulnerability is addressed, but the very nature of what RMI does and the fact that these method calls influence cached data means that the port should be secured, anyway.

thanks @Chris Fuller though i'm not sure i see the relevant text in could you point it out please?

Chris Fuller Atlassian Team Oct 05, 2016


So the link I pasted is apparently only available to people with the rights to edit the page.  I can see it, but you get redirected to what it published.  So somebody added the security info, but never published it. sad

The unpublished section reads:


Ensure that only permit cluster nodes are allowed to connect to a JIRA Data Center instance's ehcache RMI port, which by default is port port 40001, through the use of a firewall and/or network segregation. Not restricting access to the ehcache RMI port could result in the compromise of a JIRA Data Center instance.

I'm not honestly certain why the changes weren't included in the public page.  I'll follow up w/ our docs people to figure out what needs to be done to fix this.


Like James Pope likes this

thanks for sharing. this seems to only mention the known port; is it not important in your view to protect the random port?

Chris Fuller Atlassian Team Oct 05, 2016

That reaches the extent of my knowledge about RMI's internals, I'm afraid.  However, I will say that Oracle's own RMI security recommendations suggest that they would not consider that communication to be intrinsically secure, either.  It's better to be safe than sorry.


thanks. indeed i agree.

The docs have been updated to include the Security details provided by Chris. Apologies for the omission!



Thanks for all of the information.  @Chris Fuller is there a bug we can watch to change the JIRA RMI port to a specific port?   This would make it easier to secure.  

Hi Ali, 

Please see feature request for this: 

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Calling all Jira Cloud users! Give us feedback on our exploration of a new navigation.

Hi everyone! My name’s Matt and I’m a product manager at Atlassian. I work in the navigation & findability space for all our Jira Cloud products. We’ve been working on trying to improve the exp...

1,063 views 16 12
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you