(Legacy) Ports and Network Requirements
This documentation is for the legacy Konnect environment at konnect.konghq.com. For the cloud.konghq.com environment, see the current Konnect documentation.
Konnect Cloud ports
The Konnect Cloud control plane uses the following port:
Port | Protocol | Description |
---|---|---|
:443 |
TCP HTTPS |
Cluster communication port for configuration and telemetry data. The Konnect Cloud control plane uses this port to listen for runtime node connections and to communicate with the runtime nodes. |
Kong’s hosted control plane expects traffic on this port, so the cluster port can’t be customized.
The cluster communication port must be accessible by all the data planes within the same cluster. This port is protected by mTLS to ensure end-to-end security and integrity.
Runtime ports
By default, Kong Gateway listens on the following ports:
Port | Protocol | Description |
---|---|---|
8000 |
HTTP | Takes incoming HTTP traffic from consumers, and forwards it to upstream services. |
8443 |
HTTPS | Takes incoming HTTPS traffic from consumers, and forwards it to upstream services. |
8001 |
HTTP | Admin API. Listens for calls from the command line over HTTP. |
8444 |
HTTPS | Admin API. Listens for calls from the command line over HTTPS. |
8002 |
HTTP | Kong Manager (GUI). Listens for HTTP traffic. |
8445 |
HTTPS | Kong Manager (GUI). Listens for HTTPS traffic. |
8003 |
HTTP | Dev Portal. Listens for HTTP traffic, assuming Dev Portal is enabled. |
8446 |
HTTPS | Dev Portal. Listens for HTTPS traffic, assuming Dev Portal is enabled. |
8004 |
HTTP | Dev Portal /files traffic over HTTP, assuming the Dev Portal is enabled. |
8447 |
HTTPS | Dev Portal /files traffic over HTTPS, assuming the Dev Portal is enabled. |
8005 |
HTTP | Hybrid mode only. Control plane listens for traffic from data planes. |
8006 |
HTTP | Hybrid mode only. Control plane listens for Vitals telemetry data from data planes. |
Kong Gateway ports can be fully customized. Set them in kong.conf
.
For Kubernetes or Docker deployments, map ports as needed. For example, if you
want to expose the Admin API through port 3001
, map 3001:8001
.
Hostnames to add to allow lists
The Konnect Cloud control plane uses the following hostnames:
cp.konnect.konghq.com
: configurationtp.konnect.konghq.com
: telemetry
You can find your specific instance hostnames through Runtime manager. Start configuring a new runtime, choose the Linux or Kubernetes tab, and note the hostnames in the code block.