Port 3100, Kratos CIAM (public)

Role: Self-service API

Exposure: host-bound (firewall to localhost in prod)

Purpose

Browser-facing self-service flows. Restrict in prod firewall.

Security

This port must be blocked at the host firewall from the internet. Only Caddy (ports 80/443) is publicly reachable.

Verify exposure

# From outside the VPS
nmap -p 3100 <vps-ip>
# Expected: filtered / closed

Related

• Operate, Network topology
• Reference, Ports