Table of contents

Administer Instances


Reference

Network Ports

CloudBees Jenkins Enterprise run services that require network communication over several configurable ports. Depending on which services should be used, the following ports may need to be opened.

Defining Inbound Ports

CloudBees Jenkins Enterprise listens for connections on the ports listed below. Many of these ports are used for optional services and can be disabled or enabled according to organizational needs.

Default Port Protocol Configuring Description

8080

HTTP

--httpPort=$HTTP_PORT at command line (-1 to disable)

For deployments not using a Java Servlet Container, CloudBees Jenkins Enterprise default to serving its web interface on port 8080

Disabled

HTTPS

--httpsPort=$HTTP_PORT at command line (default or -1 to disable)

For deployments not using a Java Servlet Container, CloudBees Jenkins Enterprise can optionally respond over HTTPS.

8009

AJP

--ajp13Port=$AJP_PORT at command line (-1 to disable)

For deployments not using a Java Servlet Container, CloudBees Jenkins Enterprise can optionally respond over AJP v1.3 as an alternative to HTTP for reverse proxies.

Random

JNLP

Manage Jenkins > Configure Global Security > TCP port for JNLP agents

Exposes a port for agents to connect via the Java Network Launch Protocol (JNLP).

Random

SSH

Manage Jenkins > Configure System > SSH Server > SSHD Port

Exposes a subset of CLI commands and allowing plugins to add functionality over SSH.

33848/udp

UDP

-Dhudson.udp=$UDP_PORT at command line (-1 to disable)

Allows CloudBees Jenkins Enterprise instances to be auto-discovered using UDP multicast.

5353

DNS

-Dhudson.DNSMultiCast.disabled=true

Allows CloudBees Jenkins Enterprise instances to be auto-discovered using DNS Multicast.

Some plugins may run services which require additional ports to be opened. Refer to plugin-specific documentation for details.

Defining Outbound Ports

For some features, CloudBees Jenkins Enterprise require outbound access to services on ports as laid out below. Because these are outbound ports, which may change, we’ve described the standard ports, but your network may run these services on different ports and may require additional configuration.

Standard Port Service Configuring Description

25

SMTP

Manage Jenkins > Configure System > E-mail Notification > SMTP Port

For sending emails from build failures or via other plugins' email functionality, Jenkins needs access to an SMTP server.

389 (636)

LDAP (LDAPS)

Manage Jenkins > Configure Global Security > Access Control > Security Realm > LDAP > Server

If you plan to authenticate Jenkins users via an LDAP server, Jenkins will need access to the LDAP or LDAPS port. When accessing Microsoft Active Directory server, design for access to the Active Directory-specific ports, eg: 3268 for the Global Catalog.

CloudBees Jenkins Enterprise will require access to additional outbound ports based on the requirements of your jobs and additional plugins you configure.

Proxy Configuration

If the network requires a proxy, CloudBees Jenkins Enterprise will need to be configured to enable access to services outside of the network This is important for access to external services, such as the Update Center or external source control systems, but is not required for CloudBees Jenkins Enterprise to run.

Some plugins rely on proxy settings in different locations, so it’s best to set each depending on the plugin’s configuration requirements.