Port Configuration Reference

Complete guide to ports used by ANTE ERP and how to configure them.

Default Port Mappings

Application Ports

Service	Internal Port	External Port	Protocol	Required	Purpose
Frontend	80	8080	HTTP	✅ Yes	Web interface
Backend API	3001	3001	HTTP	✅ Yes	REST API endpoints
WebSocket	4001	4001	WS	✅ Yes	Real-time updates

Database Ports (Internal Only - Recommended)

Service	Internal Port	External Port	Protocol	Expose?	Purpose
PostgreSQL	5432	5433	TCP	⚠️ No	Main database
Redis	6379	6380	TCP	⚠️ No	Cache & sessions
MongoDB	27017	27018	TCP	⚠️ No	Document storage

Security Notice

Database ports should NOT be exposed publicly. Keep them internal to the Docker network for security.

With Reverse Proxy (Production)

Service	Port	Purpose
Nginx/Reverse Proxy	80	HTTP (redirect to HTTPS)
Nginx/Reverse Proxy	443	HTTPS (secure access)

Port Configuration

Default Configuration

In docker-compose.yml:

services:
  frontend:
    ports:
      - "8080:80"  # Host:Container

  backend:
    ports:
      - "3001:3001"  # API
      - "4001:4001"  # WebSocket

  postgres:
    # No ports exposed (internal only)
    # ports:
    #   - "5433:5432"

  redis:
    # No ports exposed (internal only)
    # ports:
    #   - "6380:6379"

  mongodb:
    # No ports exposed (internal only)
    # ports:
    #   - "27018:27017"

Changing Ports

Method 1: Environment Variables

Add to .env:

# Application Ports
FRONTEND_PORT=8080
BACKEND_PORT=3001
WEBSOCKET_PORT=4001

# Database Ports (if exposing)
POSTGRES_PORT=5433
REDIS_PORT=6380
MONGO_PORT=27018

Update docker-compose.yml:

services:
  frontend:
    ports:
      - "${FRONTEND_PORT:-8080}:80"

  backend:
    ports:
      - "${BACKEND_PORT:-3001}:3001"
      - "${WEBSOCKET_PORT:-4001}:4001"

Method 2: Direct Edit

Edit docker-compose.yml directly:

services:
  frontend:
    ports:
      - "9000:80"  # Change 8080 to 9000

  backend:
    ports:
      - "4000:3001"  # Change 3001 to 4000
      - "5000:4001"  # Change 4001 to 5000

After Changing Ports

1. Update .env file with new URLs
2. Restart services: docker compose down && docker compose up -d
3. Update firewall rules
4. Update Nginx configuration (if using)

Port Binding Options

Bind to All Interfaces (Default)

ports:
  - "8080:80"  # Accessible from any IP
  # Same as: "0.0.0.0:8080:80"

Bind to Localhost Only

ports:
  - "127.0.0.1:8080:80"  # Only accessible from localhost

Bind to Specific IP

ports:
  - "192.168.1.100:8080:80"  # Only accessible from specific IP

Checking Port Usage

Check if Port is Available

# Method 1: Using netstat
sudo netstat -tulpn | grep :8080

# Method 2: Using ss
sudo ss -tulpn | grep :8080

# Method 3: Using lsof
sudo lsof -i :8080

# Method 4: Try to bind
nc -zv localhost 8080

Find What's Using a Port

# Show process using port
sudo lsof -i :8080

# Or with netstat
sudo netstat -tulpn | grep :8080

# Sample output:
# tcp  0  0  0.0.0.0:8080  0.0.0.0:*  LISTEN  1234/docker-proxy

Kill Process on Port

# Find PID
sudo lsof -ti :8080

# Kill process
sudo kill -9 $(sudo lsof -ti :8080)

Port Conflicts

Common Conflicts

Port	Common Conflict	Solution
80	Apache, Nginx	Stop web server or change port
443	Apache, Nginx	Stop web server or change port
3000	Other Node apps	Change backend port
5432	Local PostgreSQL	Change external port to 5433
6379	Local Redis	Change external port to 6380
27017	Local MongoDB	Change external port to 27018

Resolving Conflicts

Option 1: Stop Conflicting Service

# Stop Apache
sudo systemctl stop apache2

# Stop Nginx
sudo systemctl stop nginx

# Stop PostgreSQL
sudo systemctl stop postgresql

Option 2: Change ANTE ERP Ports

# In docker-compose.yml
services:
  frontend:
    ports:
      - "8081:80"  # Changed from 8080

Option 3: Change Conflicting Service Port

# Change Apache port
sudo nano /etc/apache2/ports.conf
# Change: Listen 80 → Listen 8888

# Restart Apache
sudo systemctl restart apache2

Firewall Configuration

UFW (Ubuntu/Debian)

# Allow application ports
sudo ufw allow 8080/tcp comment 'ANTE Frontend'
sudo ufw allow 3001/tcp comment 'ANTE Backend API'
sudo ufw allow 4001/tcp comment 'ANTE WebSocket'

# Allow HTTPS (if using reverse proxy)
sudo ufw allow 80/tcp comment 'HTTP'
sudo ufw allow 443/tcp comment 'HTTPS'

# Check rules
sudo ufw status numbered

# Remove rule (by number)
sudo ufw delete 5

Firewalld (CentOS/RHEL)

# Allow ports
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=3001/tcp
sudo firewall-cmd --permanent --add-port=4001/tcp

# Or use services
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

# Reload firewall
sudo firewall-cmd --reload

# List rules
sudo firewall-cmd --list-all

# Remove port
sudo firewall-cmd --permanent --remove-port=8080/tcp

iptables

# Allow ports
sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 3001 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 4001 -j ACCEPT

# Save rules
sudo iptables-save > /etc/iptables/rules.v4

# List rules
sudo iptables -L -n -v

Reverse Proxy Configuration

Nginx Proxy Setup

When using Nginx as reverse proxy:

server {
    listen 80;
    server_name erp.yourcompany.com;

    # Frontend
    location / {
        proxy_pass http://localhost:8080;
    }

    # Backend API
    location /api/ {
        proxy_pass http://localhost:3001/;
    }

    # WebSocket
    location /socket.io/ {
        proxy_pass http://localhost:4001/socket.io/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Then only port 80 (and 443 for HTTPS) needs to be exposed.

Port Testing

Test Connectivity

# Test if port is open (from same machine)
telnet localhost 8080

# Test from remote machine
telnet server-ip 8080

# Using nc (netcat)
nc -zv localhost 8080

# Using curl
curl -I http://localhost:8080
curl http://localhost:3001/health

Test Through Firewall

# From external machine
curl -I http://YOUR_SERVER_IP:8080

# Test WebSocket
wscat -c ws://YOUR_SERVER_IP:4001

# If wscat not installed:
npm install -g wscat

Docker Port Mapping

How Port Mapping Works

Host Machine         Docker Container
─────────────────    ────────────────
0.0.0.0:8080    →    Container:80
    ↓                     ↓
Internet/Network ─────→ Application

Inspect Port Mappings

# Show all port mappings
docker compose ps

# Show specific container ports
docker port ante-frontend

# Example output:
# 80/tcp -> 0.0.0.0:8080
# 80/tcp -> [::]:8080

Dynamic Port Assignment

Let Docker assign ports automatically:

services:
  frontend:
    ports:
      - "80"  # Docker assigns random external port

# Find assigned port:
# docker port ante-frontend 80

Network Modes

Bridge Network (Default)

services:
  backend:
    networks:
      - ante-network
    ports:
      - "3001:3001"  # Port mapping required

Host Network (Not Recommended)

services:
  backend:
    network_mode: "host"
    # No port mapping needed
    # Uses host's network directly

None Network (Isolated)

services:
  backend:
    network_mode: "none"
    # No network access

Advanced Configuration

Multiple External IPs

services:
  frontend:
    ports:
      - "192.168.1.100:8080:80"  # IP 1
      - "192.168.1.101:8080:80"  # IP 2

Port Range Mapping

services:
  backend:
    ports:
      - "3001-3010:3001-3010"  # Map range of ports

UDP Ports

services:
  custom_service:
    ports:
      - "53:53/udp"  # Specify UDP protocol

Troubleshooting Port Issues

Port Already in Use

# Find and kill process
sudo lsof -ti :8080 | xargs sudo kill -9

# Or change port in docker-compose.yml

Cannot Access from Network

# Check if bound to all interfaces
docker port ante-frontend
# Should show: 0.0.0.0:8080

# Check firewall
sudo ufw status
sudo firewall-cmd --list-all

# Test from another machine
curl http://SERVER_IP:8080

WebSocket Not Connecting

# Check WebSocket port is open
sudo lsof -i :4001

# Test WebSocket
curl -I http://localhost:4001

# Check proxy configuration (if using Nginx)

Port Security Best Practices

1. Minimize Exposed Ports

# ✅ Good: Only expose necessary ports
services:
  postgres:
    # Don't expose database ports
    # Internal access only through Docker network

2. Use Localhost Binding

# ✅ Good: Bind to localhost for admin tools
services:
  prometheus:
    ports:
      - "127.0.0.1:9090:9090"

3. Use Reverse Proxy

# ✅ Good: Single entry point
# Only expose 80/443 on reverse proxy
# All other services internal

4. Regular Audits

# List all open ports
sudo netstat -tulpn

# Check Docker exposed ports
docker ps --format "table {{.Names}}\t{{.Ports}}"

Port Configuration Examples

Minimal (Reverse Proxy)

services:
  frontend:
    # Not exposed - accessed through proxy
  backend:
    # Not exposed - accessed through proxy
  nginx:
    ports:
      - "80:80"
      - "443:443"

Development (All Exposed)

services:
  frontend:
    ports:
      - "8080:80"
  backend:
    ports:
      - "3001:3001"
      - "4001:4001"
  postgres:
    ports:
      - "5433:5432"
  redis:
    ports:
      - "6380:6379"
  mongodb:
    ports:
      - "27018:27017"

Production (Secure)

services:
  frontend:
    ports:
      - "127.0.0.1:8080:80"  # Localhost only
  backend:
    ports:
      - "127.0.0.1:3001:3001"
      - "127.0.0.1:4001:4001"
  # Databases: No ports exposed
  nginx:
    ports:
      - "80:80"
      - "443:443"

Quick Reference

Default ANTE ERP Ports:
─────────────────────────
Frontend:    8080
Backend API: 3001
WebSocket:   4001

Database Ports (Internal):
──────────────────────────
PostgreSQL:  5432
Redis:       6379
MongoDB:     27017

Production (With Reverse Proxy):
────────────────────────────────
HTTP:        80
HTTPS:       443

Next Steps

• Firewall Configuration
• Reverse Proxy Setup
• Troubleshooting Network Issues

---

Last Updated: October 27, 2025