Ports and endpoints to allow

Hi everyone!

We have some devices running in networks where policy denies all access through the NAT, and we need to provide the list of particular endpoints and ports that we’ll need to access.

We have allowed TCP 443 s3.amazonaws.com since it’s pretty clear from logs that the images are pulling from S3, but still we see the following error (creds are xxx’ed):

Can not fetch update image: Get "https://s3.amazonaws.com/hosted-mender-artifacts/xxxxxxxxxxxxxxxx/09f73bb9-93da-4e5e-8847-xxxxxxxxxxxxx?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=XXXXXXXXXXXXXXXX%2F20211210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20211210T000850Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&response-content-type=application%2Fvnd.mender-artifact&X-Amz-Signature=xxxxxxxxxxxxxxxxxxxxxxxxxx": read tcp 10.10.11.113:46872->52.216.237.77:443: read: connection reset by peer

Could someone provide us a list of the necessary endpoints and ports to open for the update to succeed?
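One way to derive the egress allow-list directly from the client's own log, as an added example that is not part of this thread: the Mender client reports failed requests as Go net errors, quoting the full URL and the `local->remote` socket pair. The script below (my code, not Mender's) pulls the scheme, host and port out of each quoted URL and the remote IP:port out of each `tcp ...->...` fragment, then emits one rule per host/port. The log lines are constructed in the shape of the error above; the IDs, credentials and the hosted.mender.io path are placeholders. Note that the S3 IP in the error (52.216.237.77) is one of many S3 front-end addresses, so the rule is keyed on the FQDN, and the presigned query string (which carries the temporary AWS credential) is discarded rather than echoed into any output.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines (not real client output), modelled on the error in
# the post. Credentials, artifact IDs and the second endpoint are placeholders.
SAMPLE_LOG = """\
Can not fetch update image: Get "https://s3.amazonaws.com/hosted-mender-artifacts/xxxx/09f7-xxxx?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=xxxx": read tcp 10.10.11.113:46872->52.216.237.77:443: read: connection reset by peer
Authorize failed: Post "https://hosted.mender.io/api/devices/v1/authentication/auth_requests": dial tcp 10.10.11.113:50012->203.0.113.10:443: i/o timeout
"""

# Go's net/http errors quote the request URL in double quotes.
URL_RE = re.compile(r'"(https?://[^"\s]+)"')
# Go's net errors print the socket pair as "tcp LOCAL_IP:PORT->REMOTE_IP:PORT".
DIAL_RE = re.compile(r'tcp (\d+\.\d+\.\d+\.\d+):(\d+)->(\d+\.\d+\.\d+\.\d+):(\d+)')


def extract_endpoints(log_text):
    """Return sorted (scheme, host, port) tuples for every quoted URL.

    Only the authority part is kept; the path and query (which may carry a
    presigned credential) are dropped on purpose.
    """
    found = set()
    for url in URL_RE.findall(log_text):
        u = urlparse(url)
        port = u.port or (443 if u.scheme == "https" else 80)
        found.add((u.scheme, u.hostname, port))
    return sorted(found)


def extract_peers(log_text):
    """Return sorted (remote_ip, remote_port) tuples from the socket pairs.

    Useful to confirm which address the device actually tried to reach, but
    cloud front-ends rotate addresses, so firewall rules should use the FQDN.
    """
    return sorted({(m.group(3), int(m.group(4))) for m in DIAL_RE.finditer(log_text)})


def allow_list(log_text):
    """One human-readable egress rule per (host, port) seen in the log."""
    return [f"allow tcp/{port} to {host}" for _, host, port in extract_endpoints(log_text)]


if __name__ == "__main__":
    for rule in allow_list(SAMPLE_LOG):
        print(rule)
    for ip, port in extract_peers(SAMPLE_LOG):
        print(f"observed peer {ip}:{port}")
```

Run it against the real client log (`journalctl -u mender-client`, or wherever the device ships its logs) instead of `SAMPLE_LOG` to see every host the update path touched; on hosted Mender the expected result is exactly the two hosts on TCP 443 that the reply below names.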

https://docs.mender.io/overview/security#no-open-ports-on-the-device

So you should be good.

For hosted, the only endpoints you will see used are hosted.mender.io, and s3

@oleorhagen sorry, I forgot to specify.
The ports are going to be open at the firewall, not the device.
In that case, TCP 443 s3.amazonaws.com and TCP 443 hosted.mender.io are correct?

That is correct :slight_smile: