Ports inventory
- tcp/8080 exposes a REST API for bouncers, cscli and communication between crowdsec agent and local api
- tcp/6060 (endpoint /metrics) exposes prometheus metrics
- tcp/6060 (endpoint /debug) exposes pprof debugging metrics
Outgoing connections
- Local API connects to tcp/443 on api.crowdsec.net (signal push and blocklists pull)
- Local API connects to tcp/443 on blocklists.api.crowdsec.net (blocklists pull)
- Local API connects to tcp/443 on papi.api.crowdsec.net (console management)
- cscli connects to tcp/443 on cdn-hub.crowdsec.net to fetch scenarios, parsers etc. (1)
- cscli connects to tcp/443 on version.crowdsec.net to check latest version available. (2)
- cscli connects to tcp/443 on hub-data.crowdsec.net to fetch external data loaded by parsers, scenarios and postoverflows. (2)
- cscli dashboard fetches metabase configuration from an S3 bucket (https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/)
- Installation script is hosted on install.crowdsec.net over HTTPS.
- Repositories are hosted on packagecloud.io over HTTPS.
(1) - This FQDN routes traffic to CrowdSec's GitHub repositories through CloudFront, which helps avoid GitHub rate limits.
AWS publishes the CloudFront IP ranges; CloudFront entries are tagged CLOUDFRONT.
(2) - This FQDN routes traffic to CrowdSec's GitHub repository through Cloudflare, which helps avoid GitHub rate limits. Cloudflare publishes its IP ranges: IPv4 and IPv6.
Communication between components
Bouncers -> Local API
- Bouncers are using Local API on tcp/8080 by default
Agents -> Local API
- Agents connect to local API on port tcp/8080 (only relevant )
Local API -> Central API
- Central API is reached on port tcp/443 by Local API. The FQDN is api.crowdsec.net
Local API -> Database
- When using a networked database (PostgreSQL or MySQL), only the local API needs to access the database; agents don't have to be able to communicate with it.
Prometheus -> Agents
- If you're scraping prometheus metrics from your agents or your local API, you need to allow inbound connections to tcp/6060
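To scope firewall rules for the two listening ports in the inventory, it helps to know which of them are bound beyond loopback on a given host. The script below is an added example, not part of the CrowdSec documentation or tooling: it assumes the column layout of `ss -H -ltn` (iproute2), and the sample lines and addresses in it are constructed.

```python
import ipaddress

# Listening ports from the inventory above and what each one serves.
INVENTORY = {
    8080: "Local API (bouncers, cscli, agents)",
    6060: "Prometheus /metrics and pprof /debug",
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:6060 0.0.0.0:*
LISTEN 0 4096 [::1]:6060 [::]:*
LISTEN 0 128 *:22 *:*
LISTEN 0 4096 10.0.0.5:8080 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def parse_listener(line):
    """Return (address, port) for one `ss -H -ltn` line, or None."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    # Drop the %iface scope first, then the IPv6 brackets.
    return host.split("%")[0].strip("[]"), int(port)

def is_loopback(host):
    if host == "*":  # ss prints * for "all addresses"
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparsable address: report it for manual review

def exposed_listeners(ss_output):
    """List (port, bind address, service) for inventory ports bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and parsed[1] in INVENTORY and not is_loopback(parsed[0]):
            findings.append((parsed[1], parsed[0], INVENTORY[parsed[1]]))
    return sorted(findings)

if __name__ == "__main__":
    for port, host, service in exposed_listeners(SAMPLE):
        print(f"tcp/{port} bound on {host}: {service}")
```

A non-loopback bind is expected when bouncers, agents or a Prometheus server connect from other hosts; each reported listener then needs a firewall rule limiting it to those sources, since tcp/6060 also serves the pprof /debug endpoint.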