Skip to main content

8.2 Port Configuration

Dashboard and monitoring tools like Grafana and Prometheus require open access to be viewed from your personal computer or trough a VPN connecting to your node. This section outlines which ports are used, which need to be open, and what additional ports are used internally during further service configurations.

info

Similar to checking peers or attaching clients, Prometheus can listen to consensus client ports to collect status messages.

Monitoring Ports

Consensus blockchain clients have different monitoring ports that allow Prometheus to gather metrics.

LUKSO CLI PORTCLIENTDESCRIPTIONTCPExternal
4000LighthouseConsensus REST API✔️
5062LighthouseValidator REST API✔️
3500PrysmConsensus and Validator REST API✔️
5051TekuConsensus and Validator REST API✔️
5052Nimbus-Eth2Consensus and Validator REST API✔️
5054LighthouseConsensus Metrics✔️
5057LighthouseValidator Metrics✔️
8008Nimbus-Eth2Consensus and Validator Metrics✔️
8008TekuConsensus Metrics✔️
8009TekuValidator Metrics✔️
8080PrysmConsensus Metrics✔️
8081PrysmValidator Metrics✔️

Service ports also come with default ports to bundle and present data.

PORTSERVICEDESCRIPTIONTCPExternal
3000GrafanaMonitoring Dashboard✔️
7979JSON-ExporterIncome Metrics✔️
9090PrometheusData Analytics✔️
9100Node-ExporterHardware Metrics✔️
9115Blackbox-ExporterConnectivity Metrics✔️
warning

The LUKSO Network Configuration changed the following client ports:

  • Lighthouse: Validator Metrics from Port 5064 to 5057
  • Teku: Validator Metrics from Port 8008 to 8009
tip

Node clients and exporter services are for internal use. All their data is collected by Prometheus, that further sends it to Grafana to create visual graphs to the metrics.

info

Client port numbers must be defined when creating the Prometheus configuration file.

Firewall Configuration

You can add the Grafana and Prometheus port rules to your firewall as previously done in the Client Setup.

info

The following step is performed on your 💻 personal computer.

1. Node Connection: Log in to your node if you are not already connected.

ssh <ssh-device-alias>
info

The following steps are performed on your 📟 node server.

2. Add Port Rules: Allow the TCP ports from both Grafana and Prometheus to allow data access.

sudo ufw allow 3000/tcp
sudo ufw allow 9090/tcp

The output of each command should always show:

Rule added
Rule added (v6)

3. Check Configuration: Verify the new firewall rules.

sudo ufw status

The output should look similar to this:

Status: active

To Action From

---

<preferred-ssh-port>/tcp         ALLOW       Anywhere
30303/tcp                        ALLOW       Anywhere
30303/udp                        ALLOW       Anywhere
9000/tcp                         ALLOW       Anywhere
3000/tcp                         ALLOW       Anywhere
9090/tcp                         ALLOW       Anywhere
<preferred-ssh-port>/tcp (v6)    ALLOW       Anywhere (v6)
30303/tcp (v6)                   ALLOW       Anywhere (v6)
30303/udp (v6)                   ALLOW       Anywhere (v6)
9000/tcp (v6)                    ALLOW       Anywhere (v6)
3000/tcp (v6)                    ALLOW       Anywhere (v6)
9090/tcp (v6)                    ALLOW       Anywhere (v6)
info

The <preferred-ssh-port> property will be exchanged with your actual SSH port.

warning

If something is missing, retry to apply the above rules or have a look into the firewall configuration for further details.

If you need to modify the firewall rules, such as removing an unwanted port rule, you can list them all.

sudo ufw status
info

To delete a specific port rule using UFW, type the <rule-number> that is no longer required.

sudo ufw delete <rule-number>