网络端口配置

本文档介绍了各种网络端口范围及其用途。

Redis 企业软件

所有 Redis Enterprise Software 部署都跨越多个物理/虚拟节点。您需要在这些节点之间保持多个端口打开。本文档介绍各种端口范围及其用途。

注意：

无论何时创建新数据库，都必须验证分配给新数据库终端节点的端口是否已打开。集群不会为您执行此验证。

Redis Enterprise Software 使用的端口和端口范围

Redis Enterprise Software 的端口使用情况分为三大类：

内部：对于集群节点之间或集群节点内的流量
外部：对于来自客户端应用程序或外部监控资源的流量
主动-主动：用于托管主动-主动数据库的集群的流量

协议	港口	配置	连接源	描述
TCP 协议	8001	❌ 不	内部、外部	从应用程序到 Redis Enterprise Software Discovery Service 的流量
TCP 协议	8070	❌ 不	外部	由 Web 代理导出和管理的量度
TCP 协议	3347-3349, 8000, 8071, 9091, 9125	❌ 不	内部	内部指标端口
TCP 协议	8443	✅ 是的	内部、外部	对管理 Web UI 的安全（HTTPS）访问
TCP 协议	9081	✅ 是的	内部	用于主动-主动管理的 CRDB 协调器（内部）
TCP 协议	9443, 8080	✅ 是的	内部、外部、主动-主动	REST API 流量，包括集群管理和节点引导
TCP 协议	10050	❌ 不	内部	Zabbix 监控
TCP 协议	10000-10049, 10051-19999	✅ 是的	内部、外部、主动-主动	数据库流量
UDP 协议	53, 5353	❌ 不	内部、外部	DNS/mDNS 流量
TCP 协议	1968	❌ 不	内部	代理流量
TCP 协议	3333-3345, 3350, 36379	❌ 不	内部	节点间通信
TCP 协议	20000-29999	❌ 不	内部	数据库分片流量
TCP 协议	8002, 8004, 8006	✅ 是的	内部	默认系统运行状况监控（envoy admin、envoy management server、gossip envoy admin）
TCP 协议	8444, 9080	❌ 不	内部	Web 代理与 cnm_http/cm 之间的流量

更改端口配置

预留端口

Redis Enterprise Software 默认保留一些端口（system_reserved_ports).要保留其他端口或端口范围并防止集群将它们分配给数据库终端节点，请配置reserved_ports使用以下方法之一：

rladmin 集群配置

rladmin cluster config reserved_ports <list of ports/port ranges>

For example:


rladmin cluster config reserved_ports 11000 13000-13010



Update cluster settings REST API request
PUT /v1/cluster
{ "reserved_ports": ["list of ports/port ranges"] }
For example:

PUT /v1/cluster
{ "reserved_ports": ["11000", "13000-13010"] }


Change the Cluster Manager UI port
The Redis Enterprise Software Cluster Manager UI uses port 8443, by default. You can change this to a custom port as long as the new port is not in use by another process.
To change this port, run:
rladmin cluster config cm_port <new-port>
After changing the Redis Enterprise Software web UI port, you must connect any new node added to the cluster to the UI with the custom port number:
https://newnode.mycluster.example.com:<nonstandard-port-number>

Change the envoy  ports
For system health monitoring, Redis uses the following ports by default:


Port 8002 for envoy admin


Port 8004 for envoy management server


Port 8006 for gossip envoy admin


You can change each envoy port to a custom port using the rladmin cluster config command as long as the new port is not in use by another process. When you change envoy_admin_port, expect a restart of envoy.
To change the envoy admin port, run:
$ rladmin cluster config envoy_admin_port <new-port>
Updating envoy_admin_port... restarting now
To change the envoy management server port, run:

$ rladmin cluster config envoy_mgmt_server_port <new-port>
Cluster configured successfully
To change the gossip envoy admin port, run:

$ rladmin cluster config gossip_envoy_admin_port <new-port>
Cluster configured successfully
Change the REST API port

For the REST API, Redis Enterprise Software uses port 9443 (secure) and port 8080 (not secure), by default. You can change this to a custom port as long as the new port is not in use by another process.
To change these ports, run:
rladmin cluster config cnm_http_port <new-port>
rladmin cluster config cnm_https_port <new-port>
OS conflicts with port 53




  If port 53 is in use, the installation fails. This issue can occur in default installations of certain operating systems in which systemd-resolved (DNS server) is running.
To prevent this issue, change the system configuration to make this port available before installation.


Edit /etc/systemd/resolved.conf:
sudo vi /etc/systemd/resolved.conf


Add DNSStubListener=no as the last line in the file and save the file.


Rename the current /etc/resolv.conf file:
sudo mv /etc/resolv.conf /etc/resolv.conf.orig


Create a symbolic link for /etc/resolv.conf:
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf


  
  
  
  
  Note:
  You might encounter a temporary name resolution error (sudo: unable to resolve host {hostname}: Temporary failure in name resolution), which should be fixed when you restart systemd-resolved in the next step.




Restart the DNS service:
sudo service systemd-resolved restart




Update sysctl.conf to avoid port collisions



  To avoid port collision, update /etc/sysctl.conf to include:
net.ipv4.ip_local_port_range = 30000 65535


Configure HTTPS
Require HTTPS for API endpoints
By default, the Redis Enterprise Software API supports communication over HTTP and HTTPS. However, you can turn off HTTP support to ensure that API requests are encrypted.
Before you turn off HTTP support, make sure you migrate any scripts or proxy configurations that use HTTP to the encrypted API endpoint to prevent broken connections.
To turn off HTTP support for API endpoints, run:
rladmin cluster config http_support disabled
After you turn off HTTP support, traffic sent to the unencrypted API endpoint is blocked.

HTTP to HTTPS redirection
Starting with version 6.0.12, you cannot use automatic HTTP to HTTPS redirection.
To poll metrics from the metrics_exporter or to access the Cluster Manager UI, use HTTPS in your request. HTTP requests won't be automatically redirected to HTTPS for those services.
Nodes on different VLANs
Nodes in the same cluster must reside on the same VLAN. If you can't
host the nodes on the same VLAN, then you must open all ports between them.

        

  
  
    
      RATE THIS PAGE
      
        
        
        ★
        
        
        ★
        
        
        ★
        
        
        ★
        
        
        ★
        
      
      
    
      Back to top ↑

网络端口配置

Redis Enterprise Software 使用的端口和端口范围

更改端口配置

预留端口

Change the Cluster Manager UI port

Change the envoy ports

`Change the REST API port`

`OS conflicts with port 53`

Update `sysctl.conf` to avoid port collisions

Configure HTTPS

Require HTTPS for API endpoints

HTTP to HTTPS redirection

Nodes on different VLANs

On this page