Information for Firewall Admins

URLs and Port Numbers

Q: What URLs and ports should I whitelist on my organization’s firewall to enable access to services?

A: Enable URLs to domain and its subdomains. Enable connections to TCP port 443 for HTTPS, and to port 22 to allow access via the SSH protocol. In the design of, we have worked to ensure that all services are provided exclusively via port 443, plus SSH access when the user has properly configured encryption keys. Connections to on port 80 are redirected to port 443, so you might want to enable that, too


Most of CoCalc’s services use websocket connections, so it’s necessary to allow this protocol over port 443.

It may be helpful to test your configuration for websocket connections on a 3rd party website. See Do WebSocket connections work? in the CoCalc troubleshooting guide for more info.

Browser tools can help to analyze websocket traffic. See for example WebSocket binary message viewer for Google Chrome and Inspecting web sockets for Firefox.