This document outlines the network ports and services running on the server. Understanding this configuration is essential for security, firewall management, and connecting applications.
Our server architecture uses Docker to containerise services. For enhanced security, critical services like databases (MySQL) and caches (Redis) are not exposed to the public internet. They are only accessible from within the server or the internal Docker network.
Publicly Exposed Services
These services are bound to 0.0.0.0 (all IPv4) and [::] (all IPv6), meaning they are accessible from the public internet.
| Service | Port(s) | Protocol | Description |
|---|---|---|---|
| Nginx Proxy | 80 (http), 443 (https) | TCP | The main web server that handles all incoming web traffic, manages SSL, and routes requests to the correct site containers. |
| SSH | 22 (ssh) | TCP | Provides global Secure Shell access for server administration and management. The port can be changed. |
| Per Site SFTP | 20022 | TCP | Provides per-site SFTP access. This allows users to manage files for their specific sites securely without having full server access. |
| phpMyAdmin | 8081 | TCP | Provides a web-based interface for database management. Note: This port is only open when manually enabled from the database page. “1-Click App” access does not use this port. |
Internal & Local Services
These services are not accessible from the public internet. They are restricted to the server’s internal network for security.
| Service | Port | Binding / Access | Description |
|---|---|---|---|
| MySQL | 3306 (mysql) | 127.0.0.1 (Localhost) | The database service. It is only accessible from within the server. Applications (like WordPress containers) connect to it locally. |
| Redis | 6379 | Internal Docker Network | The Redis object cache. This service is only accessible to other containers on the same Docker network (e.g., at hostname redis:6379). |
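
One way to check a live server against the two tables, as an added example that is not part of the original documentation: it parses `ss -tln` output and reports any listener bound beyond loopback that is either an internal service or missing from the public list. The function names and the sample output are constructed for illustration.

```python
import ipaddress
import subprocess

# Port sets taken from the two tables above.
PUBLIC_PORTS = {80, 443, 22, 20022}   # Nginx Proxy, SSH, per-site SFTP
PHPMYADMIN_PORT = 8081                # public only while manually enabled
INTERNAL_PORTS = {3306, 6379}         # MySQL, Redis: never public

# Constructed sample of `ss -tlnH` output (not captured from a real server).
SAMPLE = """\
LISTEN 0 4096        0.0.0.0:80     0.0.0.0:*
LISTEN 0 4096           [::]:443       [::]:*
LISTEN 0 128         0.0.0.0:22     0.0.0.0:*
LISTEN 0 4096              *:20022        *:*
LISTEN 0 151       127.0.0.1:3306   0.0.0.0:*
LISTEN 0 511         0.0.0.0:6379   0.0.0.0:*
LISTEN 0 4096        0.0.0.0:8081   0.0.0.0:*
LISTEN 0 4096  127.0.0.53%lo:53     0.0.0.0:*
"""

def parse_listener(line):
    """Return (host, port) for one LISTEN row of `ss -tln`, else None."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    # Drop IPv6 brackets and any %interface suffix (e.g. 127.0.0.53%lo).
    return host.strip("[]").split("%", 1)[0], int(port)

def is_loopback(host):
    """'*' is ss notation for a wildcard (all-address) bind."""
    return host != "*" and ipaddress.ip_address(host).is_loopback

def audit(ss_output, phpmyadmin_enabled=False):
    """List (port, host, reason) for listeners that contradict the tables."""
    allowed = PUBLIC_PORTS | ({PHPMYADMIN_PORT} if phpmyadmin_enabled else set())
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None or is_loopback(parsed[0]):
            continue
        host, port = parsed
        if port in INTERNAL_PORTS:
            findings.append((port, host, "internal service bound beyond loopback"))
        elif port not in allowed:
            findings.append((port, host, "not in the documented public port list"))
    return findings

if __name__ == "__main__":
    live = subprocess.run(["ss", "-tlnH"], capture_output=True, text=True).stdout
    for port, host, reason in audit(live):
        print(f"{host}:{port}  {reason}")
```

On the constructed sample, the audit flags the Redis listener on 0.0.0.0:6379 and, unless `phpmyadmin_enabled=True` is passed, the listener on 8081.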