All Stella Ops web services are assigned deterministic HTTPS/HTTP port pairs to avoid collisions during local development and simplify service discovery configuration.
## Port Assignment Scheme
- **Formula**: Service at slot N → HTTPS = `10000 + N×10`, HTTP = `10000 + N×10 + 1`
- **Range**: 10000–10911
- **Local alias**: Each service additionally binds `https://{name}.stella-ops.local` (port 443) and `http://{name}.stella-ops.local` (port 80) — no port in URL
## Port Table
| Slot | HTTPS | HTTP | Service | Hostname | Path | Env Var |
Each web service has a corresponding `STELLAOPS_{SERVICE}_URL` environment variable. The Platform service reads these at startup (Layer 1 of the 3-layer configuration) and maps them into `ApiBaseUrls` for the Angular frontend.
Example: `STELLAOPS_SCANNER_URL=https://scanner.internal:10080` maps to `ApiBaseUrls["scanner"]`.
See also: [3-Layer Service URL Configuration](../../modules/platform/architecture-overview.md)
## Friendly Hostnames (`.stella-ops.local`)
Each service can be reached via `https://{name}.stella-ops.local` (port 443) and `http://{name}.stella-ops.local` (port 80) — no port in the URL. The HTTPS/HTTP dev ports (10000+) are bound to `localhost` only; the `.stella-ops.local` hostnames use standard ports.
Each hostname resolves to a **unique loopback IP** (`127.1.0.x`) so every service can bind ports 443/80 simultaneously without collisions. The entire `127.0.0.0/8` range is loopback on all platforms, so `127.1.0.x` addresses work the same as `127.0.0.1`.
The Angular UI (`ng serve`) binds to `https://stella-ops.local` (port 443 on `127.1.0.1`).
At startup each service resolves its hostname to its dedicated loopback IP and binds ports 443/80 on that IP. It logs the result:
- **Resolves, ports free**: `INFO Also accessible at https://{name}.stella-ops.local and http://{name}.stella-ops.local`
- **Resolves, ports taken**: `INFO Hostname {name}.stella-ops.local resolves but ports 443/80 are unavailable; use the dev port instead.`
- **Does not resolve**: `WARN Hostname {name}.stella-ops.local does not resolve. To enable friendly .stella-ops.local URLs, add hosts-file entries as described in docs/technical/architecture/port-registry.md.`
### Hosts file setup
Each service gets a unique loopback IP in the `127.1.0.x` range so ports 443/80 never collide.
Add the following to your hosts file (`C:\Windows\System32\drivers\etc\hosts` on Windows, `/etc/hosts` on Linux/macOS):
```
# Stella Ops local development hostnames
# Each service gets a unique loopback IP so all can bind :443/:80 simultaneously.
Deployment bundles under `deploy/` are the authoritative source of concrete network layouts.
## Cross-Origin Resource Sharing (CORS)
All Stella Ops web services use a shared CORS extension provided by `StellaOps.AspNet.Extensions` (`StellaOpsCorsExtensions`), with settings resolved by `StellaOps.Settings` (`StellaOpsCorsSettings`).
### Development mode
When the host environment is `Development`, CORS is automatically enabled with specific origins, `AllowAnyHeader`, `AllowAnyMethod`, and `AllowCredentials`.
Default dev origins (used when no explicit origin is configured):
-`https://stella-ops.local`
-`https://stella-ops.local:10000`
-`https://localhost:10000`
Override the defaults by setting `STELLAOPS_WEBSERVICES_CORS_ORIGIN`.
### Non-development (staging / production)
CORS is **disabled by default**. To enable, set the following environment variables (or their YAML/appsettings equivalents):
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
master