Skip to main content
This page covers network configuration for TeamSpeak 6 Server, including port configuration, IP bindings, and ServerQuery interface setup.

Default Ports

TeamSpeak 6 Server uses the following default ports:
PortProtocolServiceRequired
9987UDPVoice communicationYes
30033TCPFile transfersYes
10080TCPHTTP ServerQueryOptional
10022TCPSSH ServerQueryOptional
10443TCPHTTPS ServerQueryOptional
Only the voice port (9987/UDP) and file transfer port (30033/TCP) are required for basic operation. ServerQuery ports are optional and must be explicitly enabled.

Voice Port Configuration

--default-voice-port
integer
default:"9987"
Permanently sets the default UDP voice port for the first virtual server created.Range: 1-65535
Environment Variable: TSSERVER_DEFAULT_PORT
--voice-ip
string
default:"[0.0.0.0, ::]"
IP address(es) for the server to bind the voice port to. Supports both IPv4 and IPv6.Environment Variable: TSSERVER_VOICE_IP
./tsserver --default-voice-port 9987 --voice-ip 0.0.0.0
To listen on all interfaces (both IPv4 and IPv6), use both 0.0.0.0 and :: in the voice-ip configuration.

File Transfer Port

--filetransfer-port
integer
default:"30033"
Port on which to listen and advertise for file transfer connections.Range: 1-65535
Environment Variable: TSSERVER_FILE_TRANSFER_PORT
--filetransfer-ip
string
default:"[0.0.0.0, ::]"
The address on which to listen for file transfer connections.Environment Variable: TSSERVER_FILE_TRANSFER_IP
Docker Port Mapping: When running inside a Docker container, ensure that the internal container port matches the external host port. File transfers rely on clients connecting directly to this port.Correct: -p 30033:30033/tcp
Incorrect: -p 30034:30033/tcp (will cause connection failures)Mismatches between the container’s listening port and the published port will cause connectivity issues.
services:
  teamspeak:
    ports:
      - "30033:30033/tcp"  # Must match!
    environment:
      - TSSERVER_FILE_TRANSFER_PORT=30033
      - TSSERVER_FILE_TRANSFER_IP=0.0.0.0

ServerQuery Configuration

ServerQuery provides programmatic access to server administration. TeamSpeak 6 supports three query interfaces: HTTP, HTTPS, and SSH.

General Query Options

--query-pool-size
integer
default:"2"
How many threads to use for query command processing.Range: 2-32
Environment Variable: TSSERVER_QUERY_POOL_SIZE
--query-timeout
integer
default:"300"
Timeout in seconds before query connections expire.Environment Variable: TSSERVER_QUERY_TIMEOUT
--query-buffer-mb
integer
default:"20"
How much memory (in MB) to allocate for query connection buffering.Range: 20-100
Environment Variable: TSSERVER_QUERY_BUFFER_MB
--query-admin-password
string
default:""
Sets a password for the serveradmin query account, overriding the database value.Environment Variable: TSSERVER_QUERY_ADMIN_PASSWORD
--query-documentation-path
string
default:"serverquerydocs"
Path to the query documentation files.Environment Variable: TSSERVER_QUERY_DOCUMENTATION_PATH

HTTP ServerQuery

The HTTP interface provides a RESTful API for server management.
--query-http-enable
boolean
default:"false"
Enables the HTTP query interface.Environment Variable: TSSERVER_QUERY_HTTP_ENABLED (set to true or 1)
--query-http-port
integer
default:"10080"
The port for the HTTP query interface.Range: 1-65535
Environment Variable: TSSERVER_QUERY_HTTP_PORT
--query-http-ip
string
default:"[0.0.0.0, ::]"
Address to listen on for HTTP query connections.Environment Variable: TSSERVER_QUERY_HTTP_IP
services:
  teamspeak:
    ports:
      - "9987:9987/udp"
      - "30033:30033/tcp"
      - "10080:10080/tcp"  # HTTP Query
    environment:
      - TSSERVER_LICENSE_ACCEPTED=accept
      - TSSERVER_QUERY_HTTP_ENABLED=true
      - TSSERVER_QUERY_HTTP_PORT=10080

HTTPS ServerQuery

The HTTPS interface provides secure, encrypted API access.
--query-https-enable
boolean
default:"false"
Enables the HTTPS query interface.Environment Variable: TSSERVER_QUERY_HTTPS_ENABLED
--query-https-port
integer
default:"10443"
Port on which to listen for secure Web Query connections.Range: 1-65535
Environment Variable: TSSERVER_QUERY_HTTPS_PORT
--query-https-ip
string
default:"[0.0.0.0, ::]"
Address to listen on for secure Web Query connections.Environment Variable: TSSERVER_QUERY_HTTPS_IP
--query-https-certificate
string
default:""
Path to certificate file for HTTPS Web Query.Environment Variable: TSSERVER_QUERY_HTTPS_CERT
--query-https-private-key
string
default:""
Path to private key file used with the certificate.Environment Variable: TSSERVER_QUERY_HTTPS_PRIVATE_KEY
./tsserver \
  --query-https-enable \
  --query-https-port 10443 \
  --query-https-certificate /path/to/cert.pem \
  --query-https-private-key /path/to/key.pem
HTTPS ServerQuery requires a valid SSL/TLS certificate. You can use Let’s Encrypt or self-signed certificates for testing.

SSH ServerQuery

The SSH interface provides command-line access via SSH protocol.
--query-ssh-enable
boolean
default:"false"
Enables the SSH query interface.Environment Variable: TSSERVER_QUERY_SSH_ENABLED
--query-ssh-port
integer
default:"10022"
Port on which to listen for SSH query connections.Range: 1-65535
Environment Variable: TSSERVER_QUERY_SSH_PORT
--query-ssh-ip
string
default:"[0.0.0.0, ::]"
Address to listen on for SSH query connections.Environment Variable: TSSERVER_QUERY_SSH_IP
--query-ssh-rsa-key
string
default:"ssh_host_rsa_key"
Path to the SSH RSA host key file. Generated automatically if not found.Environment Variable: TSSERVER_QUERY_SSH_RSA_KEY
services:
  teamspeak:
    ports:
      - "10022:10022/tcp"  # SSH Query
    environment:
      - TSSERVER_QUERY_SSH_ENABLED=true
      - TSSERVER_QUERY_SSH_PORT=10022

Security Options

Admin Password

--query-admin-password
string
default:""
Override the query password for the built-in serveradmin account.Environment Variable: TSSERVER_QUERY_ADMIN_PASSWORD
export TSSERVER_QUERY_ADMIN_PASSWORD=your_secure_password
Always set a strong admin password in production environments. The default random password is logged only once during first startup.

IP Allow List

--query-ip-allow-list
string
default:"query_ip_allowlist.txt"
File path listing IPs exempt from query flood protection. One IP per line.Environment Variable: TSSERVER_QUERY_ALLOW_LIST
query_ip_allowlist.txt
192.168.1.100
10.0.0.0/8
2001:db8::1

IP Block List

--query-ip-block-list
string
default:"query_ip_denylist.txt"
File path listing IPs blocked from the query interface. One IP per line.Environment Variable: TSSERVER_QUERY_DENY_LIST
query_ip_denylist.txt
203.0.113.0/24
192.0.2.50

Brute Force Protection

--query-skip-brute-force-check
boolean
default:"false"
Skip brute force checking on query interface connections. Only use in trusted networks.Environment Variable: TSSERVER_QUERY_SKIP_BRUTE_FORCE_CHECK
Disabling brute force protection makes your server vulnerable to password attacks. Only use in isolated or development environments.

Logging Options

--query-log-commands
boolean
default:"false"
Log every command received on the query interface.Environment Variable: TSSERVER_QUERY_LOG_COMMANDS
--query-log-timing
integer
default:"3600"
Interval in seconds after which to log query statistics.Range: 10-31556952
Environment Variable: TSSERVER_QUERY_LOG_TIMING
export TSSERVER_QUERY_LOG_COMMANDS=true
export TSSERVER_QUERY_LOG_TIMING=1800

Complete Configuration Example

docker-compose.yml
services:
  teamspeak:
    image: teamspeaksystems/teamspeak6-server:latest
    container_name: teamspeak-server
    restart: unless-stopped
    ports:
      - "9987:9987/udp"    # Voice
      - "30033:30033/tcp"  # File transfer
      - "10080:10080/tcp"  # HTTP Query
      - "10022:10022/tcp"  # SSH Query
    environment:
      - TSSERVER_LICENSE_ACCEPTED=accept
      - TSSERVER_DEFAULT_PORT=9987
      - TSSERVER_FILE_TRANSFER_PORT=30033
      
      # Query configuration
      - TSSERVER_QUERY_HTTP_ENABLED=true
      - TSSERVER_QUERY_HTTP_PORT=10080
      - TSSERVER_QUERY_SSH_ENABLED=true
      - TSSERVER_QUERY_SSH_PORT=10022
      - TSSERVER_QUERY_ADMIN_PASSWORD=secure_password
      - TSSERVER_QUERY_POOL_SIZE=4
    volumes:
      - teamspeak-data:/var/tsserver

volumes:
  teamspeak-data:

Firewall Configuration

Ensure your firewall allows traffic on the required ports: 
sudo ufw allow 9987/udp comment 'TeamSpeak Voice'
sudo ufw allow 30033/tcp comment 'TeamSpeak File Transfer'
sudo ufw allow 10080/tcp comment 'TeamSpeak HTTP Query'
sudo ufw allow 10022/tcp comment 'TeamSpeak SSH Query'

Troubleshooting

Connection Issues

If clients cannot connect:
  1. Verify the voice port (9987/UDP) is open in your firewall
  2. Check that the server is listening on the correct IP address
  3. Ensure port forwarding is configured correctly on your router
  4. Test connectivity with netstat -tuln | grep 9987

File Transfer Problems

If file transfers fail:
  1. Verify Docker port mapping matches the configured port
  2. Ensure the file transfer port (30033/TCP) is accessible
  3. Check firewall rules allow TCP traffic on port 30033
  4. Confirm the port is not in use by another service

ServerQuery Not Accessible

If ServerQuery interfaces are not responding:
  1. Verify the interface is enabled (query-*-enable)
  2. Check the ports are not blocked by firewall
  3. Ensure no other service is using the query ports
  4. Review server logs for binding errors
  5. Test with curl http://localhost:10080 (for HTTP query)

Next Steps

YAML Configuration

Complete YAML file reference

Server Settings

Configure core server options

Build docs developers (and LLMs) love

Get started for freeTalk to us