Applicable to:
- Plesk for Windows
- Plesk for Linux
Note: On OSes with enabled firewalld(CentOS/RHEL/CL 7, Debian 8/9, Ubuntu 16) all the required ports are opened automatically on Plesk Onyx 17.8 right after installation.
Resolution
Generally, the ports that need to be opened depend on the services running on a server.
General Plesk access port is 8443 for https connection and 8880 for HTTP connection.
The possible ports that can be used by Plesk and its related services are listed below:
CONFIG_TEXT: #20 ftp-data (TCP)
#21 ftp (TCP)
#22 ssh (TCP)
#25 smtp (TCP)
#53 dns (TCP and UDP)
#80 http (Web server and Plesk updater) (TCP)
#106 poppassd (for localhost only) (TCP)
#110 pop3 (TCP)
#113 auth (TCP)
#143 imap (TCP)
#443 https (TCP)
#465 smtps (TCP)
#587 mail message submission (TCP)
#953 rndc (TCP)
#990 ftps (TCP)
#993 imaps (TCP)
#995 pop3s (TCP)
#1433 mssql (TCP) - Windows Only
#3306 mysql (TCP)
#3389 rdp (TCP) - Windows Only
#5224 (outgoing connections only) plesk-license-update (TCP)
#5432 postgres (TCP) - Linux Only
#6489 plesk migration agent (TCP) - Windows Only
#8401 sqladmin (TCP) - Windows Only
#8443 plesk-https (TCP)
#8447 autoinstaller (TCP)
#8880 plesk-http (TCP)
#12768 psa-pc-remote (for localhost only) (TCP) - Linux only, Postfix
#135, 139, 445 (TCP) ports for migration - Windows Only
#137, 138 (UPD) ports for migration - Windows Only
#10155 (TCP) for a custom Plesk Migrator service performing miscellaneous tasks - Windows Only
#10156 (TCP) for rsync server(migration) - Windows Only
Since version
12.0
:
CONFIG_TEXT: #4190 dovecot (TCP)
#6308 sw-cp-server (TCP)
Since version
12.5.30
for migration purposes:
CONFIG_TEXT: #135, 139, 445 (TCP) ports for migration - Windows Only
#137, 138 (UPD) ports for migration - Windows Only
#10155 (TCP) for a custom Plesk Migrator service performing miscellaneous tasks - Windows Only
#10156 (TCP) for rsync server(migration) - Windows Only
#1434 (TCP) and all (or manually selected) TCP ports for MS SQL, if it is used as a named instance
From version
9.0
to version
10.2
:
CONFIG_TEXT: #11443 sw-cp-serverd (TCP)- Linux Only
#11444 sw-cp-serverd (TCP) - Linux Only
iptables command can be used to open ports while being connected via SSH . For example:
# iptables -A INPUT -p tcp --dport 21 -j ACCEPT
firewalld command:
# firewall-cmd --permanent --add-port=21/tcp
# firewall-cmd --reload
Additional Information:
-
It may be required to open and configure
PassivePortsfor FTP:
How to configure Passive FTP port range on Linux Server
How to configure Passive FTP port range on Windows Server -
Access to none of these ports should be denied in
/etc/hosts.deny. If/etc/hosts.denyincludes general access rules, then explicit allowing rules should be put to/etc/hosts.allowfor all the ports mentioned (only the ports that accept incoming connections). -
The same rules also should be applied on any intermediate firewall/router that is between the Plesk server and an external network.
Comments
4 comments
Nginx needs 7080 and 7081. 953 needs to be opened for the DNS server (named). 12443 may also be needed, "Parallels Customer and Business Manager payment gateways".
Hi @feralfruitfreak, Nginx does not use 7080,7081 ports in Plesk, Apache uses it internally. Customer and Business Manager is not longer supported by Plesk.
I made a script to open all required ports on Centos firewall fast:
https://github.com/Reiser89/plesk-centos-firewall-opener
@Reiser
Hi!
Thank you for the script!
Other Pleskians may find it useful =)
Please sign in to leave a comment.