Network configuration

EventStoreDB provides two interfaces: proprietary TCP and REST-contract-based HTTP. Nodes in the cluster communicate with each other using the TCP protocol, but use HTTP for discovering other cluster nodes.

Server nodes separate internal and external communication explicitly. All the communication between the cluster nodes is considered internal and all the clients that connect to the database are external. EventStoreDB allows you to separate network configurations for internal and external communication. For example, you can use different network interfaces on the node. All the internal communication can go over the isolated private network but access for external clients can be configured on another interface, which is connected to a more open network. You can set restrictions on those external interfaces to make your deployment more secure.

There are multiple options that allow configuring TCP and HTTP protocols, internally and externally, on the server.

Networking for cluster nodes

EventStoreDB nodes normally need internal networking only when running in a cluster. The internal network is where cluster communications runs, while the external interfaces is where client communications runs.

Separating internal and external communication allows to balance the network traffic. Cluster nodes communicate extensively and replicate all the data between the nodes. When you use a separate network for that, the external clients won't be affected by the replication traffic.

Network separation also allows more secure setups. For example, you might only enable the management interface and stats to only be accessible internally.

You configure the internal TCP and HTTP ports in the same way as the external. All internal communications for the cluster happen over these interfaces. Elections and internal gossip happen over HTTP. Replication and forwarding of client requests happens over the TCP channel.

Internal interface

By default, EventStoreDB binds its internal networking on the loopback interface only (127.0.0.1). You can change this behaviour and either tell EventStoreDB to listen on all interfaces or explicitly specify which internal IP address the server should use. To do that set the IntIp to 0.0.0.0 or the IP address of the network interface.

FormatSyntax
Command line--int-ip
YAMLIntIp
Environment variableEVENTSTORE_Int_IP

Default: 127.0.0.1 (loopback).

For example, adding ExtIp=0.0.0.0 to the eventstore.conf file will instruct EventStoreDB to allow internal communication on all interfaces.

Internal ports

EventStoreDB only uses two ports to communicate with other cluster nodes.

The first port is the internal HTTP port, and the default value is 2112. EventStoreDB uses this port for the cluster gossip protocol.

The second port used is the TCP interface for all other communication between cluster nodes, such as replication, and the default for the port is 1112.

You should ensure that cluster nodes are able to reach each other using these ports.

Use the settings described below to change default internal ports.

FormatSyntax
Command line--int-tcp-port
YAMLIntTcpPort
Environment variableEVENTSTORE_INT_TCP_PORT

Default: 1112

FormatSyntax
Command line--int-http-port
YAMLIntHttpPort
Environment variableEVENTSTORE_INT_HTTP_PORT

Default: 2112

Communication with clients

When installing EventStoreDB on a physical or virtual machine, it locks itself down and you can only connect to it from the same machine. It is done to prevent unauthorised access to your instance using well-known default credentials. You need to configure the external networking configuration before you can connect to the EventStoreDB instance from other machines.

Docker and Kubernetes deployments are different. EventStoreDB Docker container has a default configuration file, which tells the instance to bind to 0.0.0.0 since it connects to the Docker or Kubernetes network, which is considered safe.

Remember to change the admin user password before exposing the instance externally.

External interface

By default, EventStoreDB listens on the loopback interface only (127.0.0.1). You can change this behaviour and either tell EventStoreDB to listen on all interfaces or explicitly specify which IP address the server should use. To do that set the ExtIp to 0.0.0.0 or the IP address of the network interface.

FormatSyntax
Command line--ext-ip
YAMLExtIp
Environment variableEVENTSTORE_EXT_IP

Default: 127.0.0.1 (loopback).

For example, adding ExtIp=0.0.0.0 to the eventstore.conf file will instruct EventStoreDB to listen on all interfaces.

External ports

EventStoreDB only uses two ports to communicate with external clients.

The first port is the external HTTP port, and the default value is 2113. EventStoreDB uses this port for both the client HTTP APIs and for the management HTTP interface.

The second port used is the TCP interface for clients connecting over the client API, and the default for the port is 1113.

Windows networking

EventStoreDB on Windows tries to add access via http.sys automatically for the 2113 port.

You should ensure that these ports are open and allowed via your firewall.

Use the settings described below to change default external ports.

External TCP port is used by TCP clients, like your applications.

FormatSyntax
Command line--ext-tcp-port
YAMLExtTcpPort
Environment variableEVENTSTORE_EXT_TCP_PORT

Default: 1113

External HTTP port is used by HTTP API clients, Admin UI (if exposed externally) and client gossip.

FormatSyntax
Command line--ext-http-port
YAMLExtHttpPort
Environment variableEVENTSTORE_EXT_HTTP_PORT

Default: 2113

NAT and port forward

Override the address

Due to NAT (network address translation), or other reasons a node may not be bound to the address it is reachable from other nodes. For example, the machine has an IP address of 192.168.1.13, but the node is visible to other nodes as 10.114.12.112.

Options described below allow you to tell the node that even though it is bound to a given address it should not gossip that address. When returning links over HTTP, EventStoreDB will also use the specified addresses instead of physical addresses, so the clients that use HTTP can follow those links.

Another case when you might want to specify the advertised address although there's no address translation involved. When you configure EventStoreDB to bind to 0.0.0.0, it will use the first non-loopback address for gossip. It might or might not be the address you want it to use for internal communication. Whilst the best way to avoid such a situation is to configure the binding properly, you can also use the IntIpAdvertiseAs setting with the correct internal IP address.

The only place where these settings make any effect is the gossip endpoint response. Cluster nodes gossip over the internal HTTP and there all the Int<*>AdvertiseAs will apply there, if specified. Clients use the external HTTP endpoint for gossip and if any Ext<*>AdvertiseAs setting is specified, EventStoreDB will override addresses and ports in the gossip response accordingly.

Two settings below determine of the node IP address needs to be replaced.

Replace the internal interface IP address:

FormatSyntax
Command line--int-ip-advertise-as
YAMLIntIpAdvertiseAs
Environment variableEVENTSTORE_INT_IP_ADVERTISE_AS

Replace the external interface IP address:

FormatSyntax
Command line--ext-ip-advertise-as
YAMLExtIpAdvertiseAs
Environment variableEVENTSTORE_EXT_IP_ADVERTISE_AS

If your setup involves not only translating IP addresses, but also changes ports using port forwarding, you would need to change how the ports are advertised too.

When any of those settings are set to zero (default), EventStoreDB won't override the port and will use the configured port when advertising itself.

Replace the external HTTP port:

FormatSyntax
Command line--ext-http-port-advertise-as
YAMLExtHttpPortAdvertiseAs
Environment variableEVENTSTORE_EXT_HTTP_PORT_ADVERTISE_AS

Default: 0 (n/a)

Replace the internal HTTP port:

FormatSyntax
Command line--int-http-port-advertise-as
YAMLIntHttpPortAdvertiseAs
Environment variableEVENTSTORE_INT_HTTP_PORT_ADVERTISE_AS

Default: 0 (n/a)

Replace the external TCP port:

FormatSyntax
Command line--ExtTcpPortAdvertiseAs
YAMLext-tcp-port-advertise-as
Environment variableEVENTSTORE_EXT_TCP_PORT_ADVERTISE_AS

Default: 0 (n/a)

Replace the internal TCP port:

FormatSyntax
Command line--int-tcp-port-advertise-as
YAMLIntTcpPortAdvertiseAs
Environment variableEVENTSTORE_INT_TCP_PORT_ADVERTISE_AS

Default: 0 (n/a)

Heartbeat timeouts

EventStoreDB uses heartbeats over all TCP connections to discover dead clients and nodes. Setting heartbeat timeouts requires thought. Set them too short and you receive false positives, set them too long and discovery of dead clients and nodes is slower.

Each heartbeat has two points of configuration. The first is the 'interval', this represents how often the system should consider a heartbeat. EventStoreDB doesn't send a heartbeat for every interval. EventStoreDB sends heartbeat requests if it has not heard from a node within the configured interval. On a busy cluster, you may never see any heartbeats.

The second point of configuration is the timeout. This determines how long EventStoreDB server waits for a client or node to respond to a heartbeat request.

Different environments need different values for these settings. While low numbers work well on a LAN they tend to not work well in the cloud. The defaults are likely fine on a LAN. If you experience frequent elections in your environment, you can try to increase both interval and timeout, for example:

  • An interval of 5000ms.
  • A timeout of 1000ms.

TIP

If in doubt, choose higher numbers. This adds a small period of time to discover a dead client or node and is better than the alternative, which is false positives.

Internal TCP heartbeat (between cluster nodes):

FormatSyntax
Command line--int-tcp-heartbeat-interval
YAMLIntTcpHeartbeatInterval
Environment variableEVENTSTORE_INT_TCP_HEARTBEAT_INTERVAL

Default: 700 (ms)

FormatSyntax
Command line--int-tcp-heartbeat-timeout
YAMLIntTcpHeartbeatTimeout
Environment variableEVENTSTORE_INT_TCP_HEARTBEAT_TIMEOUT

Default: 700 (ms)

External TCP heartbeat (between client and server):

FormatSyntax
Command line--ext-tcp-heartbeat-interval
YAMLExtTcpHeartbeatInterval
Environment variableEVENTSTORE_EXT_TCP_HEARTBEAT_INTERVAL

Default: 2000 (ms)

FormatSyntax
Command line--ext-tcp-heartbeat-timeout
YAMLExtTcpHeartbeatTimeout
Environment variableEVENTSTORE_EXT_TCP_HEARTBEAT_TIMEOUT

Default: 1000 (ms)

Exposing endpoints

If you need to disable some HTTP endpoints on the external HTTP interface, you can change some settings below. It is possible to disable the Admin UI, stats and gossip port to be exposed externally.

You can disable the Admin UI on external HTTP by setting AdminOnExt setting to false.

FormatSyntax
Command line--admin-on-ext
YAMLAdminOnExt
Environment variableEVENTSTORE_ADMIN_ON_EXT

Default: true, Admin UI is enabled on the external HTTP.

Exposing the stats endpoint externally is required for the Admin UI and can also be useful if you collect stats for an external monitoring tool.

FormatSyntax
Command line--stats-on-ext
YAMLStatsOnExt
Environment variableEVENTSTORE_STATS_ON_EXT

Default: true, stats endpoint is enabled on the external HTTP.

You can also disable the gossip protocol in the external HTTP interface. If you do that, ensure that the internal interface is properly configured. Also, if you use gossip with DNS, ensure that the gossip port is set to the internal HTTP port.

FormatSyntax
Command line--gossip-on-ext
YAMLGossipOnExt
Environment variableEVENTSTORE_GOSSIP_ON_EXT

Default: true, gossip is enabled on the external HTTP.