If necessary, you can use a firewall to restrict communication between edoc platform (on-premises) and the Internet. However, if you restrict communication between the applications with a firewall, you must ensure that certain services are always accessible. To this end, you must enable the corresponding ports in your system environment.
A basic knowledge of Kubernetes helps you understand this article. Links to English-language articles on the Internet are provided for further details.
In this article, you can find out which services (URLs) are involved and which ports you must enable in the firewall.
Things to know
In some cases, you will find URLs in the tables that originate from regular operating system updates. The responsibility for these services and URLs lies entirely with you. The URLs to the services can change at any time. edoc therefore accepts no responsibility for the completeness of the list.
Communication with the central management platform edoc system control
| URL | Port | Description and purpose | Last checked |
|---|---|---|---|
| https://sc.edoc.de | 443 | Is the central SaaS platform for managing edoc platform. The domain is resolved via DNS to edoc-mission-control.northeurope.cloudapp.azure.com. | 2024-11-29 |

Install and update edoc agent
| URL | Port | Description and purpose | Last checked |
|---|---|---|---|
| https://dev.azure.com | 443 | Is the Git repository for the edoc agent program code. | 2024-12-06 |
| https://getcomposer.org | 443 | Used to install and update the Composer tool for the installation of dependencies and/or third-party packages in the PHP area. You can find more information here: https://getcomposer.org/download/ As requested by the provider, we do not provide the installation script ourselves, but always obtain the latest script via the official download path. | 2024-12-06 |
| https://api.github.com https://codeload.github.com | 443 | Used to download third-party packages for PHP dependencies (Composer) from edoc agent. | 2024-12-06 |

Download container images
We use Azure Container Registry as the storage location for our container images. If you need to allow access by IP address instead of by URL, use the Azure IP Ranges listing as a reference.
For more information on accessing Azure Container Registry behind a firewall, visit the Microsoft Learn website: Firewall Access Rules to access an Azure Container Registry - Azure Container Registry
| URL | Port | Description and purpose | Last checked |
|---|---|---|---|
| https://edochub.azurecr.io | 443 | Is Azure Container Registry from edoc for downloading the images of applications. IP-dependent on the region of your on-premises server: In Germany, the domain is redirected to neu.fe.azcr.io or neu-acr-reg.trafficmanager.net. | 2024-12-09 |
| https://*.blob.core.windows.net | 443 | Current (still in use): Is the location of edoc's Azure Container Registry for downloading images of edoc applications. | 2024-12-09 |
| https://edochub.northeurope.data.azurecr.io | 443 | In the future (currently not yet in use): Is the location of edoc's Azure Container Registry for downloading images of edoc applications. | 2025-01-06 |

Retrieve community container images from Kubernetes
Attention
We use the community images from the standard Kubernetes registry (see also standard template "registry.k8s.io" in Kubernetes).
When retrieving the images, different domains (GCP/AWS) are used depending on the location of the server.
For more information see:
| URL | Port | Description and purpose | Last checked |
|---|---|---|---|
| https://k8s.gcr.io https://googlecode.l.googleusercontent.com | 443 | Used to download default community Kubernetes images, such as coredns or pause. URL is replaced by http://registry.k8s.io. | 2024-12-10 |
| https://registry.k8s.io + different depending on time and location, e.g. https://*.cloudfront.net | 443 | Used to download default community Kubernetes images, such as coredns or pause. | 2024-12-10 |
| https://registry-1.docker.io https://auth.docker.io https://production.cloudflare.docker.com | 443 | Used to download standard community Kubernetes images, such as calico/cni, calico/pod2daemon-flexvol, or calico/node via the Docker Registry (docker hub). | 2024-12-10 |

Generate TLS certificates with Let's Encrypt
If you want to equip the server with a free certificate from Let's Encrypt, the URL acme-v02.api.letsencrypt.org must be accessible. You must also ensure that the server can be reached externally on ports 80 and 443.
Install operating system packages
Things to know
If you have set up individual package sources on your server, the following list is irrelevant for you except for the PPA ppa:ondrej/php.
| URL | Port | Description and purpose | Last checked |
|---|---|---|---|
| https://api.snapcraft.io | 443 | Used to download the MicroK8s snap package. | 2025-01-28 |
| https://*.cdn.snapcraftcontent.com | 443 | Used to download the MicroK8s snap package. | 2025-01-28 |
| https://api.launchpad.net | 443 | Is the installed PPA ppa:ondrej/php to install current PHP packages. | 2024-12-10 |
| https://ppa.launchpadcontent.net | 443 | Used to download PHP packages via the PPA ppa:ondrej/php. | 2024-12-10 |
| http://de.archive.ubuntu.com | 80 | Used to retrieve operating system packages. | 2024-12-10 |
| http://archive.ubuntu.com | 80 | Used to retrieve operating system packages. | 2024-12-10 |
| https://changelogs.ubuntu.com | 443 | Used to retrieve changelogs for operating system packages (optional). | 2024-12-10 |
| https://keyserver.ubuntu.com | 443 | Used to retrieve operating system packages. | 2024-12-10 |
| https://security.ubuntu.com | 443 | Used to retrieve operating system packages. | 2024-12-10 |

Deploy the VM via Microsoft Azure
If you deploy the VM via Microsoft Azure, you must enable communication between the services for specific URLs and ports.
| URL | Port | Description and purpose |
|---|---|---|
| https://packages.microsoft.com | 443 | Used to download Microsoft packages. |
| http://azure.archive.ubuntu.com | 80 | Used to download Ubuntu APT packages. |
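
As an added example (not edoc's own code), the following Python script takes the host and port pairs from the tables on this page and audits firewall log lines against them, reporting required destinations that were denied and allowed destinations that are not on the list. The `ACTION HOST PORT` log format and the sample lines are constructed for illustration; wildcard entries match subdomains only, on a label boundary.

```python
# Host:port pairs copied from the tables on this page.
ALLOWLIST = """
sc.edoc.de:443 dev.azure.com:443 getcomposer.org:443 api.github.com:443
codeload.github.com:443 edochub.azurecr.io:443 *.blob.core.windows.net:443
edochub.northeurope.data.azurecr.io:443 k8s.gcr.io:443 registry.k8s.io:443
googlecode.l.googleusercontent.com:443 *.cloudfront.net:443
registry-1.docker.io:443 auth.docker.io:443 production.cloudflare.docker.com:443
api.snapcraft.io:443 *.cdn.snapcraftcontent.com:443 api.launchpad.net:443
ppa.launchpadcontent.net:443 de.archive.ubuntu.com:80 archive.ubuntu.com:80
changelogs.ubuntu.com:443 keyserver.ubuntu.com:443 security.ubuntu.com:443
packages.microsoft.com:443 azure.archive.ubuntu.com:80
""".split()
RULES = [(h, int(p)) for h, p in (e.rsplit(":", 1) for e in ALLOWLIST)]


def is_listed(host, port):
    """True if host:port matches a rule; '*.' covers subdomains only."""
    host = host.lower().rstrip(".")
    for pattern, rule_port in RULES:
        if port != rule_port:
            continue
        if pattern.startswith("*."):
            suffix = pattern[1:]  # keeps the leading dot as a label boundary
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pattern:
            return True
    return False


def audit(log_lines):
    """Return (required_but_denied, allowed_but_unlisted)."""
    denied, unlisted = [], []
    for line in log_lines:
        action, host, port = line.split()
        listed = is_listed(host, int(port))
        if action == "DENY" and listed:
            denied.append(f"{host}:{port}")
        elif action == "ALLOW" and not listed:
            unlisted.append(f"{host}:{port}")
    return denied, unlisted


# Constructed log lines in a hypothetical "ACTION HOST PORT" format.
SAMPLE_LOG = [
    "ALLOW sc.edoc.de 443", "DENY edochub.azurecr.io 443",
    "ALLOW acct01.blob.core.windows.net 443", "ALLOW notblob.core.windows.net 443",
    "ALLOW archive.ubuntu.com 443", "DENY D1234.cloudfront.net 443",
]
print(audit(SAMPLE_LOG))
```

Denied entries in the first list point to rules that will break installation or updates; entries in the second list show egress that is wider than this page requires, including a port mismatch such as `archive.ubuntu.com` on 443 instead of 80.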