CapRover

CapRover

  • Docs
  • GitHub
  • Slack Group

›Help

Basics

  • Getting Started
  • CaptainDuckDuck Upgrade
  • Captain Definition File
  • Deployment Methods
  • App Configuration
  • Persistent Apps
  • CLI Commands
  • One-Click Apps
  • Complete Webapp Tutorial

Do More

  • Resource Monitoring
  • NGINX Config
  • Service Update Override
  • App Scaling & Cluster
  • Pre-deploy Script
  • Play with CapRover
  • Run Locally
  • Certbot Overrides
  • Custom Themes

Recipes and Tips

  • Sample Apps
  • Zero Downtime
  • Database Connection
  • Best Practices
  • Backup & Restore
  • Static React App
  • Stateless with Persistent data
  • Docker Compose
  • CI/CD Integration

    • Intro
    • Deploy from GitHub
    • Deploy from GitLab

Help

    Server Purchase

    • DigitalOcean
    • OpenStack
  • Disk Clean-Up
  • Firewall & Port Forwarding
  • Troubleshooting
  • Troubleshooting (Pro)
  • Help and Support
Edit

Firewall & Port Forwarding


Captain uses:

  • 80 TCP for regular HTTP connections
  • 443 TCP/UDP for secure HTTPS and HTTP/3 connections
  • 3000 TCP for initial Captain Installation (can be blocked once Captain is attached to a domain)
  • 7946 TCP/UDP for Container Network Discovery
  • 4789 TCP/UDP for Container Overlay Network
  • 2377 TCP/UDP for Docker swarm API
  • 996 TCP for secure HTTPS connections specific to Docker Registry

In case of an ubuntu server, run

ufw allow 80,443,3000,996,7946,4789,2377/tcp; ufw allow 7946,4789,2377,443/udp;

Note that for a more secure installation you can only expose 80/443/3000 to the world, the rest of the ports are only used in a cluster, and it would suffice to make them open to the other nodes in the cluster. If you have a single instance, just run:

ufw allow 80,443,3000

Also, if you are using Port Mapping to allow external connections, for example from your laptop to a MySQL instance on Captain, you will have to add the corresponding port to the exclusion as well.

NOTE: Docker bypasses ufw for mapped ports. If you have manually added a mapped port for any of your apps deployed under CapRover, ufw does not necessarily block the ports. See the relevant information here

← Disk Clean-UpTroubleshooting →
CapRover
Docs
Getting Started
Community
TwitterSlack Group
More
GitHubStar
Copyright © 2025 githubsaturn