Port List

Default ports used by Pigsty components, with related parameters and status.

This page lists default ports used by Pigsty module components. Adjust as needed or use as a reference for fine-grained firewall configuration.

Module	Component	Port	Parameter	Status
`NODE`	`node_exporter`	`9100`	`node_exporter_port`	Enabled
`NODE`	`haproxy`	`9101`	`haproxy_exporter_port`	Enabled
`NODE`	`vector`	`9598`	`vector_port`	Enabled
`NODE`	`keepalived_exporter`	`9650`	`vip_exporter_port`	Optional
`NODE`	`chronyd`	`123`	-	Enabled
`DOCKER`	`docker`	`9323`	`docker_exporter_port`	Optional
`INFRA`	`nginx`	`80`	`nginx_port`	Enabled
`INFRA`	`nginx`	`443`	`nginx_ssl_port`	Enabled
`INFRA`	`nginx_exporter`	`9113`	`nginx_exporter_port`	Enabled
`INFRA`	`grafana`	`3000`	`grafana_port`	Enabled
`INFRA`	`victoriaMetrics`	`8428`	`vmetrics_port`	Enabled
`INFRA`	`victoriaLogs`	`9428`	`vlogs_port`	Enabled
`INFRA`	`victoriaTraces`	`10428`	`vtraces_port`	Enabled
`INFRA`	`vmalert`	`8880`	`vmalert_port`	Enabled
`INFRA`	`alertmanager`	`9059`	`alertmanager_port`	Enabled
`INFRA`	`blackbox_exporter`	`9115`	`blackbox_port`	Enabled
`INFRA`	`dnsmasq`	`53`	`dns_port`	Enabled
`ETCD`	`etcd`	`2379`	`etcd_port`	Enabled
`ETCD`	`etcd`	`2380`	`etcd_peer_port`	Enabled
`MINIO`	`minio`	`9000`	`minio_port`	Enabled
`MINIO`	`minio`	`9001`	`minio_admin_port`	Enabled
`REDIS`	`redis`	`6379`	`redis_port`	Optional
`REDIS`	`redis_exporter`	`9121`	`redis_exporter_port`	Optional
`FERRET`	`ferretdb`	`27017`	`mongo_port`	Optional
`FERRET`	`ferretdb (TLS)`	`27018`	`mongo_ssl_port`	Optional
`FERRET`	`mongo_exporter`	`9216`	`mongo_exporter_port`	Enabled
`VIBE`	`code-server`	`8443`	`code_port`	Optional
`VIBE`	`jupyterlab`	`8888`	`jupyter_port`	Optional
`PGSQL`	`postgres`	`5432`	`pg_port`	Enabled
`PGSQL`	`pgbouncer`	`6432`	`pgbouncer_port`	Enabled
`PGSQL`	`patroni`	`8008`	`patroni_port`	Enabled
`PGSQL`	`pg_exporter`	`9630`	`pg_exporter_port`	Enabled
`PGSQL`	`pgbouncer_exporter`	`9631`	`pgbouncer_exporter_port`	Enabled
`PGSQL`	`pgbackrest_exporter`	`9854`	`pgbackrest_exporter_port`	Enabled
`PGSQL`	`{{ pg_cluster }}-primary`	`5433`	`pg_default_services`	Enabled
`PGSQL`	`{{ pg_cluster }}-replica`	`5434`	`pg_default_services`	Enabled
`PGSQL`	`{{ pg_cluster }}-default`	`5436`	`pg_default_services`	Enabled
`PGSQL`	`{{ pg_cluster }}-offline`	`5438`	`pg_default_services`	Enabled
`PGSQL`	`{{ pg_cluster }}-<service>`	`543x`	`pg_services`	Optional

Public Port Recommendations

If you use firewall zone mode, expose only minimum required ports via node_firewall_public_port:

Minimal management surface: 22, 80, 443 (recommended)
If public direct DB access is required: additionally expose 5432

Avoid exposing internal component ports directly to the public internet: etcd (2379/2380), patroni (8008), exporters (9xxx), minio (9000/9001), redis (6379), ferretdb (27017/27018), etc.

node_firewall_mode: zone
node_firewall_public_port: [22, 80, 443]
# node_firewall_public_port: [22, 80, 443, 5432]  # only if public DB access is required

Feedback

Was this page helpful?

Thanks for the feedback! Please let us know how we can improve.

Sorry to hear that. Please let us know how we can improve.

Last Modified 2026-02-14: docs(juice): refine JuiceFS config semantics and metric names (0510c97)