If you’re installing CleanSpeak on your own server, use the following guide as a baseline for securing the services. Please contact firstname.lastname@example.org if you have additional questions.
See the Configuration Reference for more information on default port configuration. The documentation below assumes the default port configuration.
CleanSpeak Management Interface
To access CleanSpeak Management Interface you’ll need to open port
To access the CleanSpeak API you’ll need to open port
CleanSpeak Search Engine
Suppose CleanSpeak Search Engine is running on the same system as the CleanSpeak Management Interface or CleanSpeak Webservice. If you’re only running a single instance of CleanSpeak, then no external ports should be allowed for CleanSpeak Search Engine. In this scenario, CleanSpeak Management Interface and CleanSpeak Webservice will access the Elasticsearch service on port
8020 on the localhost address, and traffic to ports
8021 can be blocked from any address with the exception of the localhost.
If CleanSpeak services are installed on multiple servers, and those servers can communicate across a private network using a site-local address, then in this scenario, you will need to allow access to ports
8021 on the site-local IP address in addition to the localhost address.
It is not recommended to expose the CleanSpeak Search Engine service to any public network. If this is a requirement, then a firewall should be used to limit traffic based upon the source and destination IP address to the service.
8020 port is utilized by Elasticsearch for internal communication, including clustering. The
8021 port is the HTTP port exposed by Elasticsearch for API requests to the search index. Elasticsearch for API requests to the search index.