HCP Self Hosted Worker Whitelist

I’m testing using a self-hosted HCP worker. The documentation says to open port 9202 to the world. As part of our security processes we are unable to have this. Is there a list of the servers or ranges to open, please?

Cheers

Riddle


Hi @r1ddl3, port 9202 on the worker should be available for clients to connect to in order to allow session creation. So depending on where your end-users are connecting from, you could whitelist those IP addresses/CIDR blocks on your firewall.

The worker makes outbound connections to the HCP control plane so port 9202 need not be opened to the HCP control plane.

Copying the network requirements from this link:

The following ports should be available:

  • Clients must have access to the Controller’s API port (default 9200)
  • Clients must have access to the Worker’s port (default 9202)
  • Workers must have access to the Controller’s cluster port (default 9201)
  • Workers must have a route and port access to the hosts defined within the system in order to provide connectivity
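The advice above amounts to a firewall allowlist that permits the three required flows (clients to the controller API port, clients to the worker proxy port, worker to the controller cluster port) while keeping port 9202 closed to any-source. The script below is an added example, not code from this thread or from HashiCorp, that checks a proposed allowlist against those requirements: it reports any required flow the rules do not cover and flags a 9202 rule whose source is 0.0.0.0/0 (the "open to the world" case the question objects to). All host addresses and client CIDRs in it are constructed sample values.

```python
"""Check a proposed firewall allowlist against Boundary's port requirements.

Added example (not from the forum thread or from HashiCorp). The host
addresses and client CIDRs below are constructed sample values; the port
roles follow the thread: 9200 controller API, 9201 controller cluster,
9202 worker proxy.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str   # source CIDR permitted to connect
    dst: str   # destination host address
    port: int  # TCP destination port


# Flows the thread lists as required: (source role, destination role, port).
REQUIRED_FLOWS = (
    ("clients", "controller", 9200),  # controller API port
    ("clients", "worker", 9202),      # worker proxy port (session traffic)
    ("worker", "controller", 9201),   # controller cluster port
)


def _covered(src_net, dst, port, rules):
    """True if some rule permits the whole src_net to reach dst:port."""
    for r in rules:
        rule_net = ipaddress.ip_network(r.src)
        if (r.dst == dst and r.port == port
                and rule_net.version == src_net.version
                and src_net.subnet_of(rule_net)):
            return True
    return False


def check_allowlist(rules, sources, hosts, flows=REQUIRED_FLOWS):
    """Return findings: missing required flows, then any-source exposure of 9202.

    sources maps a role to the CIDRs it connects from; hosts maps a role to
    its address. An empty list means the allowlist is both sufficient and
    scoped to known client ranges on the worker port.
    """
    findings = []
    for src_role, dst_role, port in flows:
        for cidr in sources.get(src_role, []):
            net = ipaddress.ip_network(cidr)
            if not _covered(net, hosts[dst_role], port, rules):
                findings.append(
                    f"missing: {src_role} {cidr} -> {dst_role} {hosts[dst_role]}:{port}")
    for r in rules:
        # prefixlen 0 matches 0.0.0.0/0 and ::/0, i.e. "open to the world".
        if r.port == 9202 and ipaddress.ip_network(r.src).prefixlen == 0:
            findings.append(
                f"overbroad: worker port 9202 on {r.dst} open to any source ({r.src})")
    return findings


# Constructed sample environment (not real infrastructure).
HOSTS = {"controller": "10.0.0.10", "worker": "10.0.1.5"}
SOURCES = {
    "clients": ["203.0.113.0/24", "198.51.100.0/24"],  # where end-users connect from
    "worker": ["10.0.1.5/32"],
}

# Allowlist as the documentation reads literally: 9202 open to everyone.
WIDE_OPEN = [
    Rule("0.0.0.0/0", "10.0.1.5", 9202),
    Rule("203.0.113.0/24", "10.0.0.10", 9200),
    Rule("198.51.100.0/24", "10.0.0.10", 9200),
    Rule("10.0.1.5/32", "10.0.0.10", 9201),
]

# Allowlist scoped to the known client ranges, as the answer suggests.
SCOPED = [
    Rule("203.0.113.0/24", "10.0.1.5", 9202),
    Rule("198.51.100.0/24", "10.0.1.5", 9202),
    Rule("203.0.113.0/24", "10.0.0.10", 9200),
    Rule("198.51.100.0/24", "10.0.0.10", 9200),
    Rule("10.0.1.5/32", "10.0.0.10", 9201),
]

# Scoped allowlist that forgot one client range on the worker port.
INCOMPLETE = SCOPED[1:]


if __name__ == "__main__":
    for name, rules in (("wide-open", WIDE_OPEN), ("scoped", SCOPED), ("incomplete", INCOMPLETE)):
        print(name, check_allowlist(rules, SOURCES, HOSTS) or "ok")
```

Coverage is tested with `subnet_of`, so a rule for a supernet (say a /23 that contains a /24 client range) satisfies that range without needing an identical CIDR; the "any source" check is deliberately limited to port 9202 because that is the port the question is about.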

Good morning. I just wanted to validate a bit about your env before answering. If you’re using HCP Boundary, then you could just use HCP managed workers for ingress and then run a self-managed worker in your network for egress. Using this setup, you won’t have to open any ports on your network, since the egress self-managed worker will “phone home”, which eliminates any need to open a port.