From 3b414e99c3d5168d24becc3d0028a102df3abca9 Mon Sep 17 00:00:00 2001 From: Kiril KJiroski <kiril.kjiroski@finki.ukim.mk> Date: Fri, 13 May 2022 17:48:40 +0000 Subject: [PATCH] Update doc/ports.md --- doc/ports.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/doc/ports.md b/doc/ports.md index 89c93d3..92753f7 100644 --- a/doc/ports.md +++ b/doc/ports.md @@ -10,7 +10,7 @@ The list of TCP ports used in SOCtools, as available from the outside: | 6443 | MISP | | 8888 | haproxy-stats (login: `haproxy`, password is in `secrets/passwords/haproxy`) | 9000 | TheHive | -| 9001 | Cortex | +| 9001 | Cortex | | 9443 | NiFi web GUI | | 12443 | Keycloak | @@ -23,13 +23,33 @@ The following port ranges are opened by haproxy to allow receiving data from ext TODO -Notes: According to haproxy.cfg, the followng ports are forwarded to NiFi: +NOTES-1: According to haproxy.cfg, the followng ports are forwarded to NiFi: - 7750-7760 (tcp) - 7771 (tcp) - 5000-5020 (http) - 6000-6020 (tcp) In fact, I can connect (using `nc`) to these ports 7750, 5000-5099, 6000-6099 (i.e. not 7751-7760, 7771; on the other hand, the 50??,60?? ranges are wider, I don't know where they are pointed to). +NOTES-2: haproxy container is listening on following ports: +- 0.0.0.0:443->443/tcp +- 0.0.0.0:5000-5099->5000-5099/tcp +- 0.0.0.0:6000-6099->6000-6099/tcp +- 0.0.0.0:7750->7750/tcp +- 0.0.0.0:8443->8443/tcp +- 0.0.0.0:8888->8888/tcp +- 0.0.0.0:9000-9001->9000-9001/tcp +- 0.0.0.0:9200->9200/tcp +- 0.0.0.0:9443->9443/tcp + +NOTES-3: From haproxy.cfg, following ports should go through haproxy, but are actually only monitored from haproxy container: +| 8888 | haproxy-stats | +| 9000 | TheHive | +| 9001 | Cortex | +| 9200 | ODFEES | +| 9443 | NiFi web GUI | +| 12443 | Keycloak | - incorectly configured frontend on port 10443 + + Ports already used or reserved for ingesting specific data into the system via NiFi: -- GitLab
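Review bot: In the first hunk (`@@ -10,7 +10,7 @@`), the removed and added `| 9001 | Cortex |` rows differ only in whitespace, so the hunk changes nothing a reader of the rendered table will see. Either drop it from the patch or mention the whitespace cleanup in the commit message, which currently says only "Update doc/ports.md". If the table is being touched anyway, the 8888 row in the context lines is missing its closing `|` (it ends at `secrets/passwords/haproxy`)`), which is worth fixing in the same pass.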
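Review bot: In the second hunk (`@@ -23,13 +23,33 @@`), NOTES-3 lists 12443 (Keycloak) and a frontend on 10443, but neither port appears in the NOTES-2 list of what the haproxy container publishes, so the two notes do not line up. Please state explicitly whether those ports are unreachable from outside, and define what "only monitored from haproxy container" means (for example a health check without a forwarding frontend), since a reader cannot tell from this text which services actually pass through haproxy. NOTES-2 also shows 8888 (haproxy-stats) and 9200 bound on `0.0.0.0`; the doc should say whether exposure on all interfaces is intended for those two. On formatting: the NOTES-3 rows have no header or separator row, so they will not render as a Markdown table, and `- incorectly configured frontend on port 10443` is appended to the end of the Keycloak row; move it to its own line. Spelling: "incorectly" should be "incorrectly", and the renamed NOTES-1 line carries over "followng".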