Server

Ports Usage and Firewall Considerations

Updated: December 5, 2024

Changing the Default HTTP Port (8080)

Nuxeo applications run on the 8080 port by default. As it may be used by another application, you may need to change it. Add the parameters below if they are not already defined in the nuxeo.conf file:

  • nuxeo.server.http.port=8180
  • nuxeo.server.ajp.port=8109
  • nuxeo.server.tomcat_admin.port=8105

Firewall Considerations

Firewalls don't like inactive connections that stay open. Most of them will drop the connection silently, which will generate errors on connections pools like database, AJP or LDAP. Here is some advice to prevent this.

Firewall Between Apache and the Nuxeo Platform in AJP Mode

If you are using mod_proxy_ajp, you can activate a TCP keep alive to prevent persistent connections from being dropped. This requires the usage of mod_proxy options keepalive=on and flushpackets=on. You also need to configure the TCP keep alive delay using sysctl (net.ipv4.TCP_keepalive_time).

Refer to mod_proxy documentation for more information.

Firewall Between the Nuxeo Platform and the Database

Database pool can try to reconnect on invalid connection (NXP-7528) but it is better to enable the keep alive on your database. For instance using PostgreSQL, this can be achieved with the following options:

OptionValueDescription
tcp_keepalives_count
5Maximum number of TCP keepalive retransmits.
tcp_keepalives_idle
60Time between issuing TCP keepalives.
tcp_keepalives_interval
60Time between TCP keepalive retransmits.

Firewall Between the Nuxeo Platform and LDAP

Here, there are no keep alive alternative. You can simply disable the LDAP connection pool in the directory configuration.