Open Access to Plesk Services on an Amazon Lightsail Instance

By default, on Plesk instances deployed from Amazon Lightsail images, Plesk interface and a number of Plesk services (for example, FTP, mail, and databases) cannot be accessed. This is because the ports required for them to operate are blocked by the Amazon Lightsail Firewall. To access Plesk and use these services, you need to manually allow connections to specific ports or port ranges.

By default, on Plesk instances on Amazon Lightsail all outgoing connections are allowed, and all incoming connections are blocked. Exceptions are made for connections to ports listed in the table below.

Service name Ports used by the service

SSH (secure shell) server

TCP 22

Web server

TCP 80, TCP 443

Access to Plesk interface and Plesk services using ports not listed in the table above is blocked. To allow access to Plesk interface and one or more blocked Plesk services, you need to open the corresponding ports in the Amazon Lightsail Firewall.

To allow access to a Plesk service on an Amazon Lightsail instance:

  1. Go to Amazon Lightsail Home.
  2. Under “INSTANCES”, click the name of the desired instance, and then go to the “Networking” tab.
  3. Under “Firewall”, click +Add another and specify the following settings:
    • “Application”. Keep the default “Custom” value.
    • “Protocol”. Select the required protocol (TCP or UDP) from the drop-down list.
    • “Port range”. Specify the port or port range corresponding to the Plesk service you want to allow access to.

  4. Click Save.

To access Plesk for the first time, you need to allow access to the services listed in the table below.

Service name Ports used by the service

Administrative interface of Plesk over HTTPS

TCP 8443

Plesk Installer, Plesk upgrades and updates

TCP 8447

Domain name server

UDP 53, TCP 53

The following table shows the list of ports different Plesk services require to operate. For security reasons, we recommend that you allow access only to services you want to use. Keep the ports corresponding to the services you do not want to use closed. For example, if you want to use mail, open all ports listed in the “Mail” section.

Service group Service name Ports used by service Comments



Active FTP

TCP 20-21


Implicit FTPS

TCP 990


Passive FTP

TCP 49152-65535




SMTP server

TCP 25, TCP 465

Mail sending

POP3 server

TCP 110, TCP 995

Mail retrieval

IMAP server

TCP 143, TCP 993

Mail retrieval

Email messages submission

TCP 587




MySQL server

TCP 3306


PostgreSQL server

TCP 5432




Administrative interface of Plesk over HTTP

TCP 8880


VPN service

UDP 1194


For the list of ports you need to open to allow migrating customers and domains to or from your instance, read Migration Prerequisites.