Network ports required for OctoPrint?

Greetings, OctoPrint community! I spent a bit of time reading over past forum posts so I am hopeful I did due diligence before posting here. Here is my situation:

I have a Raspberry Pi 3 based device that runs OctoPrint. Because of the hardware limitations of the device I am only able to connect to WiFi networks running WPA2-Personal authentication and not WPA2-Enterprise level. This is a minor issue because I work at a university where our main WiFi network requires WPA2-Enterprise authentication. The workaround our IT dept. came up with is to have our device (running OctoPrint) connect to a hidden WPA2-Personal network and then communicate between the two networks to have clients (on WPA2-Enterprise) communicate with OctoPrint (on WPA2-Personal). My question is this: which ports on the network need to be open to communicate with OctoPrint? I assumed just 80, but that doesn't seem to allow communication. This post suggests 81 as well, and this one suggest 443. Is there a definitive list of ports which need to be open to talk to OctoPrint?

Thanks!

What is the problem?

What did you already try to solve it?

Logs (syslog, dmesg, ... no logs, no support)

Additional information about your network (Hardware you are trying to connect to, hardware you are trying to connect from, router, access point, used operating systems, ...)

OctoPrint by default listens on port 5000/tcp. With OctoPi it includes haproxy which listens on 80/tcp, 443/tcp. You would also want SSH 22/tcp for management on OctoPi.

Thank you, @kantlivelong ! I had our IT folks open up ports 80, 81, 443, and 5000. Unfortunately, we still cannot access the OctoPrint web server. We are able to successfully ping the device (it has a static IP and hostname) so we are able to communicate with it between the two networks. But we are still missing something for the webserver. Does anyone have any other ideas about what we are missing?

There aren't any network restrictions in place so I'd verify that it is working locally.

curl http://127.0.0.1
curl http://127.0.0.1:5000
ps -ef | grep octoprint

That post is about changing the port to port 81. A normal OctoPrint or OctoPi installation does not need port 81.

Just so we know more about your setup, did you use the OctoPi image, or did you install OctoPrint manually on top of a Raspberry Pi OS installation? See What is the difference between OctoPrint and OctoPi? Are they the same thing?

Thanks for pointing out the details of the post related to port 81, @fieldOfView. I'll close port 81 here.

As to the image - the device I am using is a Mosaic Manufacturing Canvas Hub S. I followed the factory reset instructions here and downloaded the most recent Mosaic Pi image. This device is based on a Raspberry Pi 3+ compute module and it is plugged into a shield of sorts that uses this module to provide WiFi.

After poking around a bit, I'm pretty sure the image running on my Pi is not OctoPi. Running cat /etc/os-release yields:

PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
VERSION_CODENAME=stretch
ID=raspbian
ID_LIKE=debian

@kantlivelong , here are the results of running the three commands you suggested. The first two yielded the same thing:

pi@abcd-ch-canvas-hub:~ $ curl http://127.0.0.1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: <a href="/login/?redirect=%2F%3F&amp;permissions=STATUS%2CSETTINGS_READ">/login/?redirect=%2F%3F&amp;permissions=STATUS%2CSETTINGS_READ</a>.  If not click the link.

The output of the third command produced this result:

pi         623     1  0 Feb07 ?        00:06:23 /home/pi/OctoPrint/venv3/bin/python3.7 /home/pi/OctoPrint/venv3/bin/octoprint serve --port=5000
pi       26222 25645  0 13:27 pts/0    00:00:00 grep --color=auto octoprint

Looks like it's listening on 80 and 5000. Since it's not an OctoPi image there could be a few things but can't really say.

Check the firewall for rules limiting access:
sudo iptables -L -n

If haproxy/nginx is being used then check their configs for access control rules. Can't really say where the config files would be if any.

The iptables command didn't output anything useful, unfortunately. I've got an email in to the manufacturer to see if they're using haproxy or nginx.

The interesting thing is that on my end, if our IT folks temporarily open up all ports for this device, then we can communicate with it. But once they close off all ports except 80, 443, and 5000 then we lose communication. So it seems like there is one or more additional ports we are missing. I asked IT if there is any way to listen to/watch the device when all ports are open and determine which specific ports are being used.

Given you are using a Mosaic product rather than OctoPrint/OctoPi, we can't really say what they may have done to the image. The supported software here is OctoPi and OctoPrint, not other forks.

I wanted to close the loop and let everyone know that our issue was finally resolved and I can finally communicate with my device running OctoPrint. There were some issues on our IT end that I was unaware of and had no control over. Our IT folks finally sorted them out and simply having ports 80, 443, and 5000 open were sufficient for my device to allow communication with OctoPrint. Excited to finally get started using it! Thanks again for the help.

2 Likes