From 5449c965336d4e59e3ceb9f0e91d6731e83313a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Barto=C5=A1?= <bartos@cesnet.cz>
Date: Thu, 12 May 2022 11:23:09 +0200
Subject: [PATCH] draft of documentation of ports

---
 doc/ports.md | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 doc/ports.md

diff --git a/doc/ports.md b/doc/ports.md
new file mode 100644
index 0000000..c938a58
--- /dev/null
+++ b/doc/ports.md
@@ -0,0 +1,39 @@
+# Usage of TCP ports
+
+The list of TCP ports used in SOCtools, as available from the outside:
+
+## Web interfaces
+
+| port  | description |
+| ----: | ----------- |
+|  5601 | Kibana |
+|  6443 | MISP |
+|  8888 | haproxy-stats (login: `haproxy`, password is in `secrets/passwords/haproxy`)
+|  9000 | TheHive |
+|  ??   | Cortex |
+|  9443 | NiFi web GUI |
+| 12443 | Keycloak |
+
+TODO others?
+TODO open to anyone / local only?
+
+## Data ingestion
+
+The following port ranges are opened by haproxy to allow receiving data from external systems. These ports are forwarded to NiFi nodes. So, a processor in NiFi can listen on these ports and receive data from other systems.
+
+TODO
+
+Notes: According to haproxy.cfg, the followng ports are forwarded to NiFi:
+- 7750-7760 (tcp)
+- 7771 (tcp)
+- 5000-5020 (http)
+- 6000-6020 (tcp)
+In fact, I can connect (using `nc`) to these ports 7750, 5000-5099, 6000-6099 (i.e. not 7751-7760, 7771; on the other hand, the 50??,60?? ranges are wider, I don't know where they are pointed to).
+
+
+Ports already used or reserved for ingesting specific data into the system via NiFi:
+
+| port  | description |
+| ----: | ----------- |
+
+TODO (e.g. port(s) used for preconfigured ListenBeats data)
-- 
GitLab