Skip to main content
The HTTP and HTTPS query interfaces provide REST-style access to your TeamSpeak 6 server. These protocols are ideal for web applications, modern APIs, and integration with web-based administration tools.

HTTP Configuration

Enable HTTP Query

The HTTP query interface is disabled by default. You can enable it using any of these methods: 
./tsserver --query-http-enable --query-http-port 10080

HTTP Configuration Options

ParameterEnvironment VariableDefaultTypeDescription
--query-http-enableTSSERVER_QUERY_HTTP_ENABLEDfalseBooleanEnables the HTTP query interface
--query-http-portTSSERVER_QUERY_HTTP_PORT10080Integer (1-65535)Port for HTTP query connections
--query-http-ipTSSERVER_QUERY_HTTP_IP[0.0.0.0, ::]StringIP addresses to bind for HTTP queries

HTTPS Configuration

Enable HTTPS Query

The HTTPS interface provides encrypted query connections using SSL/TLS. You’ll need a valid certificate and private key.
1

Prepare SSL Certificate

Obtain or generate an SSL certificate and private key:
# Generate self-signed certificate (for testing)
openssl req -x509 -newkey rsa:4096 -keyout query_key.pem -out query_cert.pem -days 365 -nodes
Self-signed certificates should only be used for testing. Use a certificate from a trusted CA in production.
2

Configure HTTPS

Enable HTTPS with your certificate files:
./tsserver \
  --query-https-enable \
  --query-https-port 10443 \
  --query-https-certificate /path/to/query_cert.pem \
  --query-https-private-key /path/to/query_key.pem
3

Verify HTTPS Connection

Test your HTTPS connection:
curl -k https://your-server:10443/

HTTPS Configuration Options

ParameterEnvironment VariableDefaultTypeDescription
--query-https-enableTSSERVER_QUERY_HTTPS_ENABLEDfalseBooleanEnables the HTTPS query interface
--query-https-portTSSERVER_QUERY_HTTPS_PORT10443Integer (1-65535)Port for HTTPS query connections
--query-https-ipTSSERVER_QUERY_HTTPS_IP[0.0.0.0, ::]StringIP addresses to bind for HTTPS queries
--query-https-certificateTSSERVER_QUERY_HTTPS_CERTNoneStringPath to SSL certificate file
--query-https-private-keyTSSERVER_QUERY_HTTPS_PRIVATE_KEYNoneStringPath to SSL private key file

Binding to Specific IP Addresses

By default, the query interfaces bind to all available IPv4 and IPv6 addresses. You can restrict this to specific IPs: 
./tsserver --query-http-enable --query-http-ip 192.168.1.100

Complete Configuration Examples

HTTP Only

Simple HTTP query interface for local network access:
tsserver.yaml
server:
  query:
    pool-size: 4
    timeout: 300
    buffer-mb: 20
    admin-password: "http-query-password"
    
    http:
      enable: 1
      port: 10080
      ip:
        - 0.0.0.0
        - "::"

HTTPS Only (Production)

Secure HTTPS configuration for production environments:
tsserver.yaml
server:
  query:
    pool-size: 8
    timeout: 600
    buffer-mb: 50
    admin-password: "secure-https-password"
    log-commands: 1
    ip-allow-list: query_ip_allowlist.txt
    
    https:
      enable: 1
      port: 10443
      ip:
        - 0.0.0.0
        - "::"
      certificate: /etc/ssl/certs/teamspeak-query.crt
      private-key: /etc/ssl/private/teamspeak-query.key

Both HTTP and HTTPS

Run both protocols simultaneously:
tsserver.yaml
server:
  query:
    pool-size: 6
    timeout: 300
    buffer-mb: 30
    admin-password: "query-password"
    
    http:
      enable: 1
      port: 10080
      ip:
        - 127.0.0.1
    
    https:
      enable: 1
      port: 10443
      ip:
        - 0.0.0.0
        - "::"
      certificate: /etc/ssl/certs/teamspeak-query.crt
      private-key: /etc/ssl/private/teamspeak-query.key
In this example, HTTP is restricted to localhost (127.0.0.1) for local administration, while HTTPS is available on all interfaces for remote access.

Docker Configuration

When running TeamSpeak 6 in Docker, expose the query ports: 
docker run -d \
  -p 10080:10080 \
  -e TSSERVER_QUERY_HTTP_ENABLED=1 \
  -e TSSERVER_QUERY_HTTP_PORT=10080 \
  teamspeak6-server

Firewall Configuration

Ensure your firewall allows query traffic:
UFW (Ubuntu)
sudo ufw allow 10080/tcp comment 'TeamSpeak HTTP Query'
sudo ufw allow 10443/tcp comment 'TeamSpeak HTTPS Query'
firewalld (CentOS/RHEL)
sudo firewall-cmd --permanent --add-port=10080/tcp
sudo firewall-cmd --permanent --add-port=10443/tcp
sudo firewall-cmd --reload
iptables
sudo iptables -A INPUT -p tcp --dport 10080 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 10443 -j ACCEPT
sudo iptables-save > /etc/iptables/rules.v4

Testing Your Configuration

1

Verify Service is Listening

Check that the server is listening on the configured ports:
netstat -tlnp | grep tsserver
# or
ss -tlnp | grep tsserver
You should see your configured HTTP and/or HTTPS ports listed.
2

Test HTTP Connection

Test the HTTP endpoint:
curl http://your-server:10080/
3

Test HTTPS Connection

Test the HTTPS endpoint:
curl -k https://your-server:10443/
The -k flag skips certificate verification. Remove it when using a trusted certificate.

Security Best Practices

Follow these security guidelines when configuring HTTP/HTTPS query:
  • Use HTTPS in production: Always use HTTPS for query connections over the internet
  • Use trusted certificates: Obtain certificates from a trusted CA for production use
  • Restrict IP access: Use --query-ip-allow-list to limit which IPs can connect
  • Use strong passwords: Set a strong admin password with --query-admin-password
  • Enable logging: Use --query-log-commands to audit query activity
  • Limit exposure: Bind to specific IPs instead of all interfaces when possible
  • Keep HTTP local: If using both protocols, restrict HTTP to localhost and use HTTPS for remote access

Next Steps

SSH Query

Configure the SSH query interface

Authentication

Set up query admin credentials

Build docs developers (and LLMs) love

Get started for freeTalk to us