Configuring network access for Bitrise
You can access Bitrise virtual machines from behind a private network or a firewall. To do so, allowlist our build machine IP addresses in your network.
Our datacenters are behind a set of public static IP addresses, with the virtual machines having their own internal subnets behind these addresses. Depending on your company security policy, you may need to allowlist the public IP addresses to be able to access the build machine: IP addresses for the Bitrise build machines
Similarly, the Bitrise website and its background workers are accessible at a set of static IP addresses. Allowlisting these addresses can ensure you can still receive build status updates or that Bitrise can access the bitrise.yml
file: IP addresses for the Bitrise website of your app.
Connecting via a VPN
You can connect to Bitrise via a VPN - but it can cause a conflict if your local network uses the same address space as our build VMs. In such a case, the VPN may detect a clash and return an error. In this case, the only solution is to re-configure your local address space to use different subnets than our virtual machines.
IP addresses for the Bitrise build machines
For most users, who host their repositories on cloud-based service providers, there is no need for any network configuration to be able to use Bitrise. All we need is permission to access the repository and for that, an SSH key is enough.
However, your company security policy might not allow unknown and unauthorized IP addresses to communicate with the servers where your code is being stored - either on your own datacenter or in a private cloud. In that case, Bitrise won’t work unless the relevant IP addresses are added to your allow list.
Private build platforms
The IP addresses listed in Table 1, “External and internal IP addresses for the build machines” are only relevant for users who use our public cloud platform. Users on our private build platforms should contact their customer success managers for any assistance with network configuration.
To make sure you can access our build machines from behind a firewall or from a private cloud:
-
Check what type of stacks your company uses.
-
Look up the IP addresses belonging to those stacks in Table 1, “External and internal IP addresses for the build machines”.
IP addresses for different machine types
Please note that the different stack types have different public IPs. If, for example, you only use the Xcode stacks, there is no need to allowlist the IPs belonging to the Linux/Docker environments.
-
Allowlist all the IP addresses you need.
Allowlist the entire subnet
If the provided public IP address is a subnet, you need to allow the entire subnet on your network! For example, 208.52.166.128/28 means all IP addresses between 208.52.166.128 and 208.52.166.143 (208.52.166.128, 208.52.166.129, 208.52.166.130, and so on, all the way to and including 208.52.166.143) have to be allowlisted.
Stack type |
Public IP |
Build VM internal subnet |
---|---|---|
Xcode stacks |
208.52.166.154/32 and 208.52.166.128/28 |
10.200.0.0/20 |
207.254.0.248/29 and 207.254.0.208/28 |
10.246.0.0/20 |
|
207.254.34.148/32 and 207.254.33.176/28 |
10.254.224.0/20 |
|
Linux/Docker stacks |
104.197.15.74/32 |
10.0.0.0/9 |
34.123.172.192/32 |
10.0.0.0/9 |
|
34.125.50.224/32 |
10.0.0.0/9 |
|
34.125.82.130/32 |
10.0.0.0/9 |
|
34.134.193.138/32 |
10.0.0.0/9 |
|
34.138.187.10/32 |
10.0.0.0/9 |
|
34.150.152.190/32 |
10.0.0.0/9 |
|
34.162.185.129/32 |
10.0.0.0/9 |
|
34.162.202.37/32 |
10.0.0.0/9 |
|
34.162.229.32/32 |
10.0.0.0/9 |
|
34.162.29.153/32 |
10.0.0.0/9 |
|
34.162.88.79/32 |
10.0.0.0/9 |
|
34.23.207.105/32 |
10.0.0.0/9 |
|
34.85.139.176/32 |
10.0.0.0/9 |
|
34.85.240.93/32 |
10.0.0.0/9 |
|
34.86.56.118/32 |
10.0.0.0/9 |
|
35.202.121.43/32 |
10.0.0.0/9 |
|
35.225.44.167/32 |
10.0.0.0/9 |
|
35.231.56.118/32 |
10.0.0.0/9 |
|
35.237.165.17/32 |
10.0.0.0/9 |
|
35.243.148.182/32 |
10.0.0.0/9 |
|
35.245.56.67/32 |
10.0.0.0/9 |
IP addresses for the Bitrise website
The Bitrise website is reachable via a set of static IP addresses: the website itself and all its background workers are running on these addresses.
These addresses may be relevant if you use self-hosted Git services or store your bitrise.yml
file in the repository. In this case, we recommend allowlisting the relevant IP addresses in order to ensure your network can connect to our workers. In this way Bitrise can, for example, access the
bitrise.yml
file, or send build status updates on commits and pull requests in a
self-hosted repository.
IP addresses |
---|
35.232.76.43 |
34.68.119.18 |
34.135.186.58 |