Private Cloud IP/Domain and Port List
In this article
Private Cloud deployments require certain ports within the cluster to be open and able to communicate with one another, as well as selected external sites.
Please note:
If you are using social providers for logins, the cluster must be able to connect to the social providers' endpoints.
The Jump Host IP is stable and provided at the time of setup.
Between cluster nodes
When possible, instances within a cluster should have full connectivity to each other so that you do not need to introduce new firewall rules if Auth0 adds new features. However, since this isn't possible in every environment, the following table lists the ports that are required to be open and accessible to other Private Cloud instances in the same cluster:
Port | Use | Required? | Notes |
---|---|---|---|
27017 | Database | Yes | |
7777 | Control | Yes | |
9001 | Rate Limiting | Yes | Required if rate limiting is used |
8721 | Webtask Logging/Control | Yes | Required for logging and debugging |
8701 | Webtask Logging/Control | Yes | Required for logging and debugging |
9200, 9300-9400 | Elastic Search | Yes | Required for Elastic Search |
3000 | Grafana instrumentation | No | Required if you are using Grafana instrumentation |
22 | Maintenance | No | Enables maintenance tasks to be done between nodes |
ICMP | Healthcheck | No | Allows healthchecks between nodes |
External connectivity
Use | Direction | IP/DNS | Port | Notes | Required? |
---|---|---|---|---|---|
All | Inbound | Your load balancer IP address (often on internal network) | 80/(443 or 4443) | For clusters with more than one node, a load balancer is required for resiliency and performance | Yes |
Webtask | Outbound | Your load balancer IP address (often on internal network) | 443 | Allows rules, webtasks, and extensions to call back to Auth0 endpoints | Yes |
Command Line Interface | Inbound and Outbound | CLI Applications (often on the internal network) | 10121 | Allows use of the Private Cloud Command Line Interface | No |
Updates | Outbound | apt-mirror.it.auth0.com (52.8.153.197) | 443 | Provides update packages for Private Cloud deployments | Yes |
Updates | Outbound | docker.it.auth0.com (52.9.124.234) | 443 | Provides updates for Private Cloud Docker Packages | Yes |
Web extensions, Hooks, and Management Dashboard | Outbound | cdn.auth0.com | 443 | Required to run web extensions and Hooks; also required for admins to browse to the Dashboard | Yes |
Examples | Outbound | github.com | 443 | Source to download and repackage example applications | No |
Usage & Telemetry | Outbound | app-gateway.it.auth0.com (52.40.103.203) | 443 | Provides usage and telemetry statistics | Yes |
Maintenance | Inbound | Jump Host | 22 | Allows access to Private Cloud instances for support purposes | No |
Healthcheck | Inbound | Monitoring Endpoint | 9110 | Allows access to Healthcheck endpoints | No |
DNS | Inbound and Outbound | Local domain servers | 53 | Required by the Private Cloud deployment to resolve host names internal and external to your environment | Yes |
SMTP | Outbound | SMTP Server(s) | 25/587 | Allows sending of emails from the Private Cloud deployment | No |