---
title: "Agent ports"
slug: "agent-ports"
description: "Learn about the required ports for Traceable's tracing and platform agents, including port configurations for OTLP, Zipkin, HTTP/HTTPS reverse proxies, and specific integrations like F5 and Apigee."
updated: 2024-10-10T15:39:28Z
published: 2024-10-10T15:39:28Z
---

# Agent ports

This page lists the ports that Traceable's tracing agents use to communicate with the Traceable Platform Agent (TPA) and other services. It covers the default ports, the port requirements of specific integrations, and how to set up HTTP and HTTPS reverse proxies to manage these connections.

> **Note**
> 
> As of TPA version **1.44.0**, **OPA** has been deprecated, and port **8181** is no longer required or used.

## Reverse Proxy Configuration

### HTTP Reverse Proxy

By default, the TPA exposes individual listeners for each service and port. However, you can configure a reverse proxy for HTTP or HTTPS traffic.

To configure an HTTP reverse proxy, enable it in the configuration as shown below:

```yaml
# agentconfig.yaml
global:
  enable_http_reverse_proxy: true # false by default
```

This setting will expose port **5442** as an HTTP reverse proxy and handle all services except for ports 8443, 8444, and 5444.

### HTTPS Reverse Proxy

For an HTTPS reverse proxy, update the TLS configuration:

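```yaml
# agentconfig.yaml
global:
  tls_server:
    endpoint: "0.0.0.0:5443" # listens on all interfaces, port 5443
    # The paths below are example paths; replace them with the locations
    # of your own server key, server certificate, and root CA certificate.
    key_file: "../injector/pkg/injector/testdata/server.key"
    cert_file: "../injector/pkg/injector/testdata/server.crt"
    root_cert_file: "../injector/pkg/injector/testdata/rootCA.crt"
```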

This configuration exposes port **5443** as an HTTPS reverse proxy, handling all services except ports 8443, 8444, and 5444.

### Reverse Proxy Limitations

Both the HTTP and HTTPS reverse proxies work for most ports. The exceptions, which must stay reachable on their own listeners, are:

- **TCP 8443**: Used by the **F5 HSL listener**.
- **TCP 8444**: Reserved for **Apigee**.
- **TCP 5444**: Used by **HAProxy**.

## Required Ports

The following table lists the ports that need to be opened for communication between the tracing agent and the platform agent, along with the tracing agents that use each port:

| Service | Port number | Agents |
| --- | --- | --- |
| OTLP | 4317 | Go, Java, Node.js, Python, HAProxy Ingress Controller, eBPF Tracer, Boomi, Ambassador |
| OTLP HTTP | 4318 | Node.js Lambda, Python Lambda, Ruby |
| Zipkin | 9411 | Kong Ingress Controller, NGINX Ingress Controller, Istio, Kuma, Kong, NGINX, OpenResty, Ambassador |
| Agent Config | 5441 | NGINX, eBPF Tracer, Ambassador, Go, Java, Node.js, Python, HAProxy Ingress Controller |
| Traceable Module Extension (TME) | 5442 | Azure APIM, IIS, Gloo, Kong Ingress Controller, NGINX Ingress Controller, Istio, Kuma, Apigee Service Callout, Kong, Mulesoft with XML plugin, Mulesoft with Java plugin, OpenResty, IBM DataPower, 3Scale. **Health Check**: F5, GCP Traffic mirroring, Traffic mirroring for VM |
| HAProxy TCP | 5444 | HAProxy |
| VXLAN | 4789 | AWS traffic mirroring, F5 (required when F5 mirrored traffic is routed through VXLAN) |
| TLS Packet Forwarder | 8001 | Required when mirrored traffic is encrypted |
| TCP | 8443 | F5 HSL |
| TCP | 8444 | Apigee Message Logging |
| TLS Server | 5443 | Azure APIM, Go, Java, Node.js, IIS, Python, Apigee Service Callout, Mulesoft with XML plugin, Mulesoft with Java plugin, IBM DataPower, eBPF Tracer, CloudFlare Worker (must use port 443 for worker on Traceable Platform agent) |

> **Note**
>
> For DaemonSet Mirroring, no external ports need to be exposed. Mirroring to the Traceable Platform Agent (TPA) is conducted through a Unix domain socket, and the Go agent then exports data via the OTLP port.
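
The following Python sketch is an added example, not Traceable's code: it audits a firewall allowlist for the TPA host against a subset of the port table above, collapsing proxied services onto 5442 or 5443 when a reverse proxy is enabled while keeping 8443, 8444, and 5444 direct. The function names, the `AGENT_PORTS` subset, and the sample allowlist are assumptions for illustration, as is the premise that agents are pointed at the proxy port once it is enabled.

```python
# Added example: audit a firewall allowlist for the TPA host against the
# port table on this page. All names here are illustrative assumptions.

# Subset of the "Required Ports" table (plaintext listeners), agent -> ports.
AGENT_PORTS = {
    "Java": {4317, 5441},            # OTLP + Agent Config
    "Ruby": {4318},                  # OTLP HTTP
    "Istio": {9411, 5442},           # Zipkin + TME
    "HAProxy": {5444},               # HAProxy TCP
    "F5 HSL": {8443},
    "Apigee Message Logging": {8444},
}
DIRECT_ONLY = {8443, 8444, 5444}     # never handled by either reverse proxy
PROXY_PORT = {"http": 5442, "https": 5443}
DEPRECATED = {8181}                  # OPA, not used as of TPA 1.44.0


def required_ports(agents, proxy=None):
    """Ports the TPA must accept for `agents`.

    proxy is None (per-service listeners), "http" or "https". Assumption:
    once a proxy is enabled, agents are pointed at the proxy port.
    """
    needed = set().union(*(AGENT_PORTS[a] for a in agents))
    if proxy is None:
        return needed
    direct = needed & DIRECT_ONLY
    proxied = needed - DIRECT_ONLY
    return direct | ({PROXY_PORT[proxy]} if proxied else set())


def audit(allowed, agents, proxy=None):
    """Compare an allowlist (set of TCP ports) with what is required."""
    needed = required_ports(agents, proxy)
    return {
        "missing": sorted(needed - allowed),              # agents cannot connect
        "excess": sorted(allowed - needed - DEPRECATED),  # needless exposure
        "deprecated": sorted(allowed & DEPRECATED),       # safe to close
    }


if __name__ == "__main__":
    # Constructed sample allowlist, not taken from a real deployment.
    allowed = {4317, 4318, 5441, 8181, 8443}
    for mode in (None, "https"):
        print(mode, audit(allowed, ["Java", "F5 HSL"], mode))
```

Extend `AGENT_PORTS` with the rows that match your own agents before relying on the result; the mirroring rows (VXLAN 4789, TLS Packet Forwarder 8001) are left out of this subset.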
