If I need to whitelist Ably's servers from a firewall, which ports, IPs and/or domains should I add?

Ports

All of Ably's client libraries exclusively use the standard HTTPS port 443 for WebSockets and HTTP traffic over TLS.

When configured not to use TLS, port 80 is used. Please note that we rarely recommend that anyone use an unencrypted connection, and this is disabled by default in all client libraries.

If using our Ably Protocol Adapters and/or our Ably Reactor service, the following ports are used:

  • Reactor queue over AMQP - TLS only using port 5671
  • Reactor queue over STOMP - TLS only using port 61614
  • MQTT adapter - port 8883 over TLS and port 1883 for an unencrypted socket
  • PubNub adapter - HTTPS only using port 443
  • Pusher adapter - HTTPS only using port 443

IPs and domain names

Unfortunately, it is impossible for Ably to publish a set of IP addresses for the cloud-based service, as our service is elastic and IP addresses are reassigned dynamically as a normal part of its operation.

Ably's client libraries by default connect to Ably using the following domains:

Please note that customers using custom CNAMEs will have a different set of primary REST and Realtime domains, and may also have a different set of fallback host domains. Please contact us to find out more about your domains.

If using our Ably Protocol Adapters and/or our Ably Reactor service, the following domains are used:

  • Reactor Queue US East 1 - us-east-1-a-queue.ably.io
  • Reactor Queue other regions - get in touch
  • MQTT adapter - mqtt.ably.io
  • PubNub adapter - pubnub-rest.ably.io
  • Pusher adapter - pusher-rest.ably.io and pusher-realtime.ably.io
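
Because the IP addresses change, firewall rules have to be written per domain and port. The following is an added example (not Ably's own code) that audits an egress allowlist against the adapter and Reactor endpoints listed above and can probe them from behind the firewall. The function names and the sample allowlist are constructed for illustration, and the default client library domains are left out because they are not listed on this page.

```python
import socket
import ssl

# Endpoints taken from the page: feature -> [(host, port, uses_tls)].
ENDPOINTS = {
    "reactor-amqp": [("us-east-1-a-queue.ably.io", 5671, True)],
    "reactor-stomp": [("us-east-1-a-queue.ably.io", 61614, True)],
    "mqtt": [("mqtt.ably.io", 8883, True), ("mqtt.ably.io", 1883, False)],
    "pubnub": [("pubnub-rest.ably.io", 443, True)],
    "pusher": [("pusher-rest.ably.io", 443, True),
               ("pusher-realtime.ably.io", 443, True)],
}


def audit(rules, features):
    """Compare an egress allowlist (set of (host, port)) with what the
    selected features need. Returns (missing_tls, plaintext_open)."""
    missing, plaintext = [], []
    for feature in features:
        for host, port, tls in ENDPOINTS[feature]:
            allowed = (host, port) in rules
            if tls and not allowed:
                missing.append((host, port))    # required TLS endpoint is blocked
            elif not tls and allowed:
                plaintext.append((host, port))  # unencrypted port is open
    return sorted(missing), sorted(plaintext)


def probe(host, port, timeout=5.0):
    """Live check from behind the firewall: TCP connect plus a verified
    TLS handshake. Returns 'ok' or a short failure reason."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLError as exc:  # must precede OSError (its parent class)
        return f"tls-failed: {exc.__class__.__name__}"
    except OSError as exc:       # DNS failure, refusal, timeout
        return f"blocked-or-unreachable: {exc.__class__.__name__}"


if __name__ == "__main__":
    # Constructed sample allowlist; replace with your own rules.
    rules = {("mqtt.ably.io", 8883), ("mqtt.ably.io", 1883)}
    print(audit(rules, ["mqtt", "pusher"]))
    for host, port, tls in ENDPOINTS["mqtt"]:
        if tls:
            print(host, port, probe(host, port))
```

A `tls-failed` result on a port that otherwise connects can indicate a TLS-intercepting proxy in the path rather than a blocked port.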