Technical Primer¶
Overview¶
The JetStream server runs as a single process, with an optional relay process, when required:
- jetstream-server
- The main service that sends and receives files.
- jetstream-relay
- An optional service that can reroute transfers when setting up DMZ or when more advanced firewall/network traversal is required. It is not started by default. See Relay Configuration for details.
Default Configuration¶
The following ports need to be forwarded to the JetStream server to allow incoming connections from an external network:
Port | Protocol | Use |
---|---|---|
8886 | TCP | API communication |
8886 | UDP | file transfer |
If these ports need to be adjusted, you can edit the corresponding JetStream configuration file. (See Editing Configuration, jetstream server --api-port
, jetstream server --recv-port
, jetstream relay_server --control-port
.)
Additional ports can be configured, allowing multiple transfers to be received simutaneously. (See Editing Configuration, jetstream server --recv-port
.)
Note that incoming UDP and TCP connections typically use dynamically allocated ports by default.
The JetStream server will attempt to make the following outgoing connection for licensing:
Destination Address | Destination Port | Protocol |
---|---|---|
licensing.gojetstream.io | 8885 | TCP |
After installation, the JetStream server service is enabled and set to start automatically on boot on all platforms except CentOS 7 where the service must be started manually. A single service is capable of both sending and receiving files.
JetStream services will run as root (Linux, macOS) and requires users to authenticate before they can transfer files.
JetStream listens for API connections on all network interfaces. To change this behaviour, see --api-allow-remote-control
, --api-host
.
By default, JetStream is configured to use a persistent state directory located in /var/lib/jetstream/state
on Linux and macOS.
The default trigger directory is /var/lib/jetstream/triggers
on Linux and macOS. See --trigger-dir
.
JetStream server collects anonymized telemetry data, such as round trip times, transfer rates, or file size statistics, and sends them to Jet Digital as per the EULA. To learn what data is collected please refer to Telemetry.
User Management¶
JetStream integrates with your system’s built-in authentication. This allows any users with login permissions on the host computer to send and receive files from the JetStream server. For more information see User Management.
Note
Users require a password to authenticate with the JetStream server. If a user account exists without a password, that user cannot authenticate with JetStream.
Temporary credentials can be created by using Shared Folders. This allows the creation of login tokens that are time limited, and restricted to only a single directory. See API Tokens for technical details.
Server administration tasks can be performed by users designated as Superusers.
Where Do Transfers Go?¶
By default, a JetStream server is not sandboxed, and defaults to writing transfers directly below the system’s root folder. The system, as well as individual users, can be sandboxed, restricting access to one or more directories. See Where Do Transfers Go?.