DataSync requires various network permissions depending on the upload method you choose. When using the latest upload methods (HTTP rather than FTP or SODA2) the standard ports 80 and 443 will be used. Although we strongly recommend using the HTTP methods, if you are using DataSync’s FTP methods, ports 22222 and 3131-3141 need to be open, in addition to ports 80 and 443. If you have configured email notifications, the SMTP and SSL ports need to be open.
NOTE: Because network setups can vary wildly, this does not attempt to be a definitive guide, but does hope to give you some guidance if DataSync doesn’t work out of the box because of networking issues.
Firewalls can block both incoming and outgoing traffic and can be configured to block particular ports, domains, programs and/or types of traffic.
Per port access, as noted above, DataSync requires usage of ports 80 (for http) and 443 (for https). If you are using FTP methods, port 22222 (for control connection) and ports 3131 to 3141 (for data transferral) are also required. If you have configured email notifications, the SMTP and SSL ports need to be open.
Per domain access, if using HTTP or Soda2 methods, DataSync communicates exclusively with the domain you provide in your configuration. If using FTP methods, DataSync will also need to reach Socrata’s ftp server. If you are using email notification, DataSync makes requests to the domain for the outgoing mail server. These domains should be white-listed according to your firewall’s rules.
Per program restrictions and in particular if using the Windows Firewall, you will need to allow DataSync to communicate through the Windows Firewall. Be aware that you may need to do this for each network (home, work, public) that you use.
Per traffic types, DataSync has different request characteristics depending on which upload method you’ve chosen.
Proxy servers intercept network traffic and can be configured in numerous ways to allow/block, inspect and encrypt/decrypt traffic, among other things. As such, everything in the “Behind a Firewall” section may apply. Because DataSync sends ssl requests, the proxy server must be set up to correctly handle encrypted traffic, i.e. that it is a “transparent proxy” - ask your IT deparment to confirm this.
DataSync must be configured to route its requests through the proxy. At minimum, this configuration requires the hostname and port and if the proxy server is authenticated, your proxy username and password as well.
NOTICE: DataSync has proxy support only for the HTTP methods; FTP and Soda2 methods cannot currently work behind a proxy.
Some networks will not allow Java programs to run if the version is outdated, particularly if the older version presents a security risk. You or your IT department will need to update to the most recent Java.
If you receive a SunCertPathBuilderException, there are two typical causes:
Run the following, removing the proxy options if you are not behind a proxy server. You can remove the ‘-rfc’ option to get additional information about each certificate in the chain.
keytool -J-Dhttps.proxyHost=<PROXY_HOST> -J-Dhttps.proxyPort=<PROXY_PORT> -printcert -rfc -sslserver <DOMAIN>:443
Run the following, using your keystore password if that has been set up or the default password ‘changeit’ otherwise.
keytool -import -keystore cacerts -file <FILENAME>.cer
If you are still stuck after reading this page becasue of networking problems, please contact Socrata support and provide the following information: