Port 2015 has no official service registered with IANA. It sits in the registered port range (1024–49151) — the middle tier of the port numbering system, where applications are supposed to formally claim their spot. Port 2015 never did.
But it has a story anyway.
The Caddy Connection
When Matt Holt released Caddy on April 28, 2015, the web server world had a problem: getting HTTPS right was tedious, error-prone, and required too much manual work. Caddy's answer was automatic HTTPS — point it at a domain, and it would handle certificates itself.
Caddy v1 needed a default port for when you ran it locally or without a domain. It picked :2015. No RFC justified this. IANA had nothing to say about it. The number matched the year the server launched, which is almost certainly why it was chosen — a small, quiet timestamp embedded in the default config.
In Caddy 2, the default changed to :443 (or :80 when no hostname is known). Port 2015 was retired from the default, but it lingers in old tutorials, legacy configs, and the occasional forum post from someone wondering why their Caddy install is listening on a strange port.1
What the Registered Range Means
Ports in the 1024–49151 range are registered ports. The idea is that applications needing a consistent, known port register with IANA so two services don't accidentally collide. In practice, the registry is imperfect: some ports are registered but unused, some are unregistered but universally understood, and plenty — like 2015 — simply exist in the gap.
An unassigned registered port isn't dangerous by itself. It's neutral ground. What matters is what's actually listening on it.
What's Listening on Your Machine?
If you see port 2015 active on a system, the most likely explanation is Caddy v1 — or software that chose this port arbitrarily. To check:
Linux / macOS:
Windows:
Why Unassigned Ports Matter
The port numbering system only works if applications respect it. Every unregistered service that picks an arbitrary port and builds a user base around it adds noise — making it harder to audit what's running, harder to write firewall rules, and harder to debug unexpected traffic.
Port 2015 mostly avoided this fate. Caddy's use of it was always informal, always documented, and always limited to development contexts. When Caddy 2 shipped with proper defaults, the port quietly faded back into the unassigned pool.
It's a small lesson in how the port registry actually works: not as law, but as convention. Conventions can be ignored. They can also, eventually, be corrected.
ئایا ئەم پەڕەیە بەسوود بوو؟