If you’re installing CleanSpeak on your own server, use the following guide as a baseline for securing the services. Please contact firstname.lastname@example.org if you have additional questions.
See the Configuration Reference for more information on default port configuration. The documentation below assumes the default port configuration.
CleanSpeak Management Interface
To access CleanSpeak Management Interface you’ll need to open port
To access the CleanSpeak API you’ll need to open port
CleanSpeak Search Engine
If CleanSpeak Search Engine is running on the same system as the CleanSpeak Management Interface or CleanSpeak Webservice you’re only running
a single instance of CleanSpeak then no external ports should be allowed for CleanSpeak Search Engine. In this scenario, CleanSpeak Management
Interface and CleanSpeak Webservice will access the Elastic Search service on port
8020 on the
localhost address and traffic to port
8021 can be blocked from any address with the exception of the
If CleanSpeak services are installed on multiple servers and those servers can communicate across a private network using a site local address
then in this scenario you will need to allow access to ports
8021 on the site local IP address in addition to the
It is not recommended to expose the CleanSpeak Search Engine service to any public network. If this is a requirement, then a firewall should be used to limit traffic based upon the source and destination IP address to the service.
8020 port is utilized by Elastic Search for internal communication including clustering. The
8021 port is the HTTP port exposed by
Elastic Search for API requests to the search index.