Update "agent ports" Networking Reference section #41021

Merged
merged 1 commit into from
May 30, 2024
30 changes: 14 additions & 16 deletions docs/pages/reference/networking.mdx
Expand Up @@ -233,21 +233,16 @@ Service, Kubernetes Service, and other services that protect resources in your
infrastructure, there is no need to open ports on the machines running the
agents to the public internet.

Some Teleport services listen for traffic to one of their proxied resources,
meaning that you can expose ports on that service's host directly to clients.
This is useful when you need to connect to resources directly if the Proxy
Service becomes unavailable.
<Details title="Direct connections to agents">

<Admonition
type="tip"
title="Note"
>
In Teleport Cloud, the Auth and Proxy Services run in Teleport-owned infrastructure.
For this reason, Teleport Cloud customers must connect their resources via reverse tunnels.
Exposing ports for direct dial is only supported in self-hosted deployments.
</Admonition>
If you run a self-hosted Teleport cluster, you can join an agent [directly to
the Teleport Auth
Service](../agents/join-services-to-your-cluster/join-token.mdx#start-your-teleport-process-with-the-invite-token).
In this setup, certain Teleport services open their own listeners rather than
accepting connections via reverse tunnel. The Proxy Service connects to these
agent services by dialing them directly.

The table below describes the ports that each Teleport Service opens for proxied
The table below describes the ports that each Teleport service opens for proxied
traffic:

| Port | Service | Traffic Type |
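Review bot: The rewritten paragraph under `<Details title="Direct connections to agents">` no longer states outright that Teleport Cloud customers must connect their resources via reverse tunnels; that now has to be inferred from "If you run a self-hosted Teleport cluster". Consider keeping one explicit sentence that direct dial is only supported in self-hosted deployments. The new text also says the Proxy Service dials these listeners directly, while the removed text spoke of exposing ports "directly to clients", so it would help to say which source needs network access to the ports in the table (the Proxy Service only, or clients as well). That keeps the section consistent with the context line above stating that agents need no ports open to the public internet.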
Expand All @@ -256,6 +251,9 @@ traffic:
| 3026 | Kubernetes Service | HTTPS traffic to a Kubernetes API server.|
| 3028 | Windows Desktop Service | Teleport Desktop Protocol traffic from Teleport clients.|

You can only access enrolled applications and databases through the Teleport Proxy Service.
The Teleport Application Service and Teleport Database Service use reverse tunnel
connections through the Teleport Proxy Service and cannot expose ports directly.
You can only access enrolled applications and desktops through the Teleport
Proxy Service. The Teleport Application Service and Teleport Database Service
use reverse tunnel connections through the Teleport Proxy Service and cannot
expose ports directly.

</Details>
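Review bot: In the rewritten closing paragraph, "enrolled applications and databases" has become "enrolled applications and desktops", but the next sentence still names the Teleport Application Service and Teleport Database Service as the ones that cannot expose ports, and the table row above lists port 3028 for the Windows Desktop Service. This looks like an unintended word change during the re-wrap. Suggest restoring "databases" so the first sentence matches the services named in the second.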