JetStream Primer


The JetStream server runs as a single process, with an optional relay process, when required:

The main service that sends and receives files.
An optional service that can reroute transfers when setting up DMZ or when more advanced firewall/network traversal is required.

Default Configuration

JetStream services use the following ports:

  • jetstream-server: TCP 8886, UDP 8886
  • jetstream-relay: TCP 8887, UDP 8886 (public – opened on behalf of jetstream-server)
  • License server: outgoing TCP 8885 (used by JetStream server to connect to a license server)

TCP port 8886 is used for API communication with the JetStream server. UDP port 8886 is used for sending and receiving data. In cases where the relay service is used, TCP port 8887 is used for internal communication with the JetStream server, and the JetStream relay will open UDP ports for sending and receiving on behalf of the connected JetStream server (default UDP 8886). If these ports need to be adjusted, you can edit the corresponding JetStream configuration file. (See Editing Configuration, jetstream server --api-port, jetstream server --recv-port, jetstream relay_server --control-port.)

Additionally, the jetstream-server service needs to allocate one outgoing UDP port for each destination. By default these ports are allocated dynamically, but if desired, can be specified when creating destinations. If you are restricting outgoing traffic through the firewall, you will either need to open up the outgoing ephemeral range (dynamic port allocation) or the specific ports you specified when the destinations were created.

To receive transfers, you will need to open the JetStream receive port (default UDP 8886) in your firewall. In order the accept connections from the JetStream client, you will additionally need to open the JetStream API port (default TCP 8886).

If you are restricting outgoing traffic through the firewall, you will also need to open TCP port 8885 to allow connection to the licensing server.

After installation, JetStream services are disabled on Linux and Windows. In order to use JetStream, you will need to start the service manually and optionally enable it to start automatically on boot. A single service is capable of both sending and receiving files.

JetStream services will run as root (Linux, macOS) or Local System Account (Windows), and require users to authenticate before they can transfer files.

JetStream listens for API connections on all network interfaces. To change this behaviour, see --api-allow-remote-control, --api-host.

By default, JetStream is configured to use a persistent state directory located in /var/lib/jetstream/state on Linux and macOS, and C:\WINDOWS\system32\config\systemprofile\AppData\Local\Jet Digital Inc\JetStream\state on Windows. See --persistent-state-dir.

The default trigger directory is /var/lib/jetstream/triggers on Linux and macOS, and C:\WINDOWS\System32\config\systemprofile\AppData\Local\Jet Digital Inc\JetStream\triggers on Windows. See --trigger-dir.

JetStream server collects anonymized telemetry data, such as round trip times, transfer rates, or file size statistics, and sends them to Jet Digital as per the EULA. To learn what data is collected please refer to Telemetry. You can use --disable-telemetry to disable this behaviour.

User Management

JetStream integrates with your system’s built-in authentication. This allows any users with login permissions on the server to send to and retrieve files from the JetStream server. For more information see User Management.


Users require a password to authenticate with the JetStream server. If a user account exists without a password, that user cannot authenticate with JetStream.

Where Do Transfers Go?

By default, a JetStream server is not sandboxed, and defaults to writing transfers directly below the system’s root folder. The system, as well as individual users, can be sandboxed, restricting access to one or more directories. See Where Do Transfers Go?.