Agent ports

Updated on 10 Oct 2024
1 Minute to read

Article summary

Did you find this summary helpful?

Thank you for your feedback

The Agent Ports page provides essential information about the communication ports used by Traceable's tracing and platform agents. This topic covers the default ports, reverse proxy configuration, and specific port requirements for different functionalities.

This topic details the ports required for communication between the Traceable Platform Agent (TPA) and other services. It also includes guidance on setting up HTTP and HTTPS reverse proxies to manage these connections.

Note
As of TPA version 1.44.0, OPA has been deprecated, and port 8181 is no longer required or used.

Reverse Proxy Configuration

HTTP Reverse Proxy

By default, the TPA exposes individual listeners for each service and port. However, you can configure a reverse proxy for HTTP or HTTPS traffic.

To configure an HTTP reverse proxy, enable it in the configuration as shown below:

# agentconfig.yaml
global:
  enable_http_reverse_proxy: true # false by default

This setting will expose port 5442 as an HTTP reverse proxy and handle all services except for ports 8443, 8444, and 5444.

HTTPS Reverse Proxy

For an HTTPS reverse proxy, update the TLS configuration:

# agentconfig.yaml
global:
  tls_server:
    endpoint: "0.0.0.0:5443"
    key_file: "../injector/pkg/injector/testdata/server.key"
    cert_file: "../injector/pkg/injector/testdata/server.crt"
    root_cert_file: "../injector/pkg/injector/testdata/rootCA.crt"

This configuration exposes port 5443 as an HTTPS reverse proxy, handling all services except ports 8443, 8444, and 5444.

Reverse Proxy Limitations

Both HTTP and HTTPS reverse proxies will work for most ports, except for:

TCP 8443: Used by the F5 HSL listener.
TCP 8444: Reserved for Apigee.

Required Ports

The following table lists the ports that need to be opened for communication between the tracing agent and the platform agent, along with the tracing agents that use each port:

Port number	Agents
OTLP — 4317	Go Java Node.js Python HAProxy Ingress Controller eBPF Tracer Boomi Ambassador
OTLP HTTP — 4318	Node.js Lambda Python Lambda Ruby
Zipkin — 9411	Kong Ingress Controller NGINX Ingress Controller Istio Kuma Kong NGINX OpenResty Ambassador
Agent Config — 5441	NGINX eBPF Tracer Ambassador Go Java Node.js Python HAProxy Ingress Controller
Traceable Module Extension (TME) — 5442	Azure APIM IIS Gloo Kong Ingress Controller NGINX Ingress Controller Istio Kuma Apigee Service Callout Kong Mulesoft with XML plugin Mulesoft with Java plugin OpenResty IBM DataPower 3Scale Health Check F5 GCP Traffic mirroring Traffic mirroring for VM
HAProxy TCP — 5444	HAProxy
VXLAN — 4789	AWS traffic mirroring F5 — Required when F5 mirrored traffic is routed through VXLAN
TLS Packet Forwarder — 8001	Required when mirrored traffic is encrypted
TCP — 8443	F5 HSL
TCP — 8444	Apigee Message Logging
TLS Server — 5443	Azure APIM Go Java Node.js IIS Python Apigee Service Callout Mulesoft with XML plugin Mulesoft with Java plugin IBM DataPower eBPF Tracer CloudFlare Worker — Must use port 443 for worker on Traceable Platform agent.

Note
For DaemonSet Mirroring, no external ports need to be exposed. Mirroring to the Traceable Platform Agent (TPA) is conducted through a Unix domain socket, and the Go agent then exports data via the OTLP port.

Was this article helpful?

What's Next

Platform agent to Traceable Platform via HTTP/1.1

On this page

Reverse Proxy Configuration
Required Ports

Agent ports

Reverse Proxy Configuration

HTTP Reverse Proxy

HTTPS Reverse Proxy

Reverse Proxy Limitations

Required Ports

What's Next

product

personas

learn

company