Understanding the Default Access Ports

To use the resources available within your Oracle Java Cloud Service instances, access them through the default ports.

See the diagram in About the Deployment Topology of Virtual Machines for an illustration of the default port allocation in a service instance.

If you create a service instance in an Oracle Cloud Infrastructure Classic region, then:

  • You can also create your own access rules to control the ports and protocols that are available in a service instance. See Creating an Access Rule.

  • You can choose whether to assign public IP addresses to the nodes in your service instance, if you select a specific IP network when you create the service instance.

Ports Open to Traffic from Outside the Oracle Cloud Network

If the nodes in your service instance are assigned public IP addresses, then by default the following ports are accessible from the Internet. If they are not assigned public IP addresses, then these ports are accessible only from within your private IP network, or from your on-premises data center over a VPN network.

Resource Protocol Default Port

Secure Shell (SSH) server

SSH

22

Oracle WebLogic Server Administration Console

HTTPS

7002

Oracle Fusion Middleware Control

HTTPS

7002

Integration with WebLogic Scripting Tool (WLST), Integrated Development Environment (IDE) or similar software

T3S

7002

Oracle Traffic Director Administration Console

HTTPS

8989

End user applications when the load balancer is present

HTTP

HTTPS

80

443

End user applications when the load balancer is not present and there are multiple Managed Servers

HTTP

HTTPS

8001

8002

End user applications when the load balancer is not present and there is only one Managed Server

HTTP

HTTPS

80

443

By default, if you created your service instance in an Oracle Cloud Infrastructure Classic region, external access to these administration consoles is disabled for security purposes. If you did not enable console access while provisioning your service instance, see Enabling Console Access in an Oracle Java Cloud Service Instance. If you created your service instance in an Oracle Cloud Infrastructure region, this procedure is not necessary. Access to the administration consoles is enabled by default in these regions.

For end user applications, the default ports depend on how the service instance was created.

  • If the service instance was created by using the web console, the default ports are as follows:

    • If a load balancer is enabled, the HTTP port is disabled by default and the HTTPS port is 443 by default.

    • If a load balancer is not present and the service instance contains more than one Managed Server, the HTTP port is disabled and the HTTPS port is 8002.

    • If a load balancer is not present and the service instance contains only one Managed Server, the HTTP port is disabled and the HTTPS port is 443.

    • You can enable the HTTP port manually after you have created the service instance. See Enabling HTTP Access to an Oracle Java Cloud Service Instance.

  • If the service instance was created by using the REST API or CLI, the default ports are as follows:

    • If a load balancer is present, the default ports for applications are 80 for HTTP and 443 for HTTPS. You can reconfigure these ports.

    • If a load balancer is not present and the service instance contains more than one Managed Server, the default ports are 8001 for HTTP and 8002 for HTTPS.

    • If a load balancer is not present and the service instance contains only one Managed Server, the default ports are 80 for HTTP and 443 for HTTPS.

Ports Open to Traffic from Within the Oracle Cloud Network

Resource Protocol Default Port

Oracle WebLogic Server Administration Console

HTTP

7001

Oracle Fusion Middleware Control

HTTP

7001

Managed Servers

HTTP

HTTPS

8001

8002

Database

SQL Net

1521

Deployment Port

The Administration Server node in your service instance has an additional port 9001 that supports the WebLogic-specific T3 protocol. This port can be used with the WebLogic Scripting Tool (WLST), Integrated Development Environments (IDEs) or other WebLogic Server deployment tools. However, for security reasons the deployment port is not directly accessible from outside of this single node. You can create an SSH tunnel to make this port available to programs that are not running on the Administration Server node. See Creating an SSH Tunnel to a Node with OpenSSH or Creating an SSH Tunnel to a Node with PuTTY.