A stable and secure network is key to a successful self-hosted deployment.
Ports to Open
| Purpose | Port | Protocol |
| HTTP (Web Access) | 80 | TCP |
| HTTPS (SSL Secure Access) | 443 | TCP |
| MySQL / PostgreSQL | 3306 / 5432 | TCP |
| Docker Internal Services | 8080, 9000 | TCP |
| SMTP (Email) | 587 / 465 | TCP |
Tip: Restrict database ports (3306 / 5432) to internal IP ranges only. Use firewall rules or private VPC networks for database isolation.
DNS & SSL Configuration
- Map your domain (e.g., projects.yourdomain.com) to the server’s IP using an A record.
- Use Let’s Encrypt or a CA-signed SSL certificate for HTTPS.
For testing environments, generate a self-signed SSL certificate using OpenSSL:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/yourdomain.key \
-out /etc/ssl/certs/yourdomain.crt
-keyout /etc/ssl/private/yourdomain.key \
-out /etc/ssl/certs/yourdomain.crt
Configure your web server (Apache/Nginx) for SSL reverse proxying to the backend (usually on port 8080) Orangescrum Enterprise edition
Firewall & Access Rules
- Allow inbound access only to HTTP/HTTPS ports.
- Deny root SSH logins; use sudo-based users for administration.
- Use ufw (Ubuntu) or firewalld (RHEL) for network protection.