afeiszli | 2 years ago

You can lock it down a good amount:

- 80 is only required for Caddy to request certificates. If you BYO certs, you can take that off.
- TURN is optional, so if you disable TURN then you don't need 3479 or 8089.
- The remaining ports are only for specific features (EMQX and Prometheus exporter) which are not enabled by default.

So really, you could get it down to just 443. However, this should be better documented.

Also worth noting these are all server-side requirements. The actual WireGuard clients do not need these ports open.
