Applicable to:
- Plesk for Windows
- Plesk for Linux
Answer
What ports need to be opened for all Plesk Services to work with a firewall?
Answer
Note: On OSes with enabled firewalld (CentOS/RHEL/CL 7, Debian 8/9, Ubuntu 16) all the required ports are opened automatically on Plesk Onyx 17.8 right after installation.
Generally, the ports that need to be opened depend on the services running on a server.
General Plesk access port is 8443 for https connection and 8880 for HTTP connection.
The possible ports that can be used by Plesk and its related services are listed below:
CONFIG_TEXT: #20 ftp-data (TCP)
#21 ftp (TCP)
#22 ssh (TCP)
#25 smtp (TCP)
#53 dns (TCP and UDP)
#80 http (Web server and Plesk updater) (TCP)
#106 poppassd (for localhost only) (TCP)
#110 pop3 (TCP)
#113 auth (TCP)
#143 imap (TCP)
#443 https (TCP)
#465 smtps (TCP)
#587 mail message submission (TCP)
#953 rndc (TCP)
#990 ftps (TCP)
#993 imaps (TCP)
#995 pop3s (TCP)
#1433 mssql (TCP) - Windows Only
#3306 mysql (TCP)
#3389 rdp (TCP) - Windows Only
#5224 (outgoing connections only) plesk-license-update (TCP)
#5432 postgres (TCP) - Linux Only
#6489 plesk migration agent (TCP) - Windows Only
#8401 sqladmin (TCP) - Windows Only
#8443 plesk-https (TCP)
#8447 autoinstaller (TCP)
#8880 plesk-http (TCP)
#12768 psa-pc-remote (for localhost only) (TCP) - Linux only, Postfix
#135, 139, 445 (TCP) ports for migration - Windows Only
#137, 138 (UPD) ports for migration - Windows Only
#10155 (TCP) for a custom Plesk Migrator service performing miscellaneous tasks - Windows Only
#10156 (TCP) for rsync server(migration) - Windows Only
In legacy Plesk versions, the following ports should be opened additionally:
-
Plesk 12.5.30 for migration purposes
CONFIG_TEXT: #1434 (TCP) and all (or manually selected) TCP ports for MS SQL, if it is used as a named instance
-
Plesk 12.0
CONFIG_TEXT: #4190 dovecot (TCP)
#6308 sw-cp-server (TCP) -
From Plesk 9.0 up to Plesk 10.2
CONFIG_TEXT: #11443 sw-cp-serverd (TCP)- Linux Only
#11444 sw-cp-serverd (TCP) - Linux Only
Additional Information
-
iptables command can be used to open ports while being connected via SSH . For example:
# iptables -A INPUT -p tcp --dport 21 -j ACCEPT
firewalld command:
# firewall-cmd --permanent --add-port=21/tcp
# firewall-cmd --reload
-
It may be required to open and configure
PassivePortsfor FTP:
How to configure Passive FTP port range on Linux Server
How to configure Passive FTP port range on Windows Server -
Access to none of these ports should be denied in
/etc/hosts.deny. If/etc/hosts.denyincludes general access rules, then explicit allowing rules should be put to/etc/hosts.allowfor all the ports mentioned (only the ports that accept incoming connections). -
The same rules also should be applied on any intermediate firewall/router that is between the Plesk server and an external network.
Comments
6 comments
Nginx needs 7080 and 7081. 953 needs to be opened for the DNS server (named). 12443 may also be needed, "Parallels Customer and Business Manager payment gateways".
Hi @feralfruitfreak, Nginx does not use 7080,7081 ports in Plesk, Apache uses it internally. Customer and Business Manager is not longer supported by Plesk.
I made a script to open all required ports on Centos firewall fast:
https://github.com/Reiser89/plesk-centos-firewall-opener
@Reiser
Hi!
Thank you for the script!
Other Pleskians may find it useful =)
./fwplesk.sh: ligne7: Erreur de syntaxe près du symbole inattendu « newline »
./fwplesk.sh: ligne7: `<!DOCTYPE html>'
syntax error signalized
Hello @GravuTrad,
Please contact the script developer as it is not created by Plesk:
https://github.com/Reiser89/plesk-centos-firewall-opener
Please sign in to leave a comment.