Configuring network access with IP allowlists
You can access Bitrise virtual machines from behind a private network or a firewall. To do so, allowlist our build machine IP addresses in your network.
Our datacenters are behind a set of public static IP addresses, with the virtual machines having their own internal subnets behind these addresses. Depending on your company security policy, you may need to allowlist the public IP addresses to be able to access the build machine: IP address ranges for the Bitrise build machines.
Similarly, the Bitrise background workers powering app.bitrise.io UI and related control plane, configuration management, signaling to your services are accessible at a set of static IP addresses. Allowlisting these addresses can ensure you can
still receive build status updates or that Bitrise can access the bitrise.yml file: IP address ranges for Bitrise backend workers of your app.
IP address ranges for the Bitrise build machines
For most users, who host their repositories on cloud-based service providers, there is no need for any network configuration to be able to use Bitrise. All we need is permission to access the repository and for that, an SSH key or an access token is enough.
However, your company security policy might not allow unknown and unauthorized IP addresses to communicate with the servers where your code is being stored - either on your own datacenter or in a private cloud. In that case, Bitrise won’t work unless the relevant IP addresses are added to your allow list.
You will see IP addresses from the following ranges as source when your Bitrise build machines reach out to your services like Git to download your source code, or call into your test backend services, or any other services you run outside Bitrise that are required to be reached as part of your CI workflow.
Allowlist the entire subnet
If the provided public IP address is a subnet, you need to allow the entire subnet on your network! For example, 208.52.166.128/28 means all IP addresses between 208.52.166.128 and 208.52.166.143 (208.52.166.128, 208.52.166.129, 208.52.166.130, and so on, all the way to and including 208.52.166.143) have to be allowlisted.
|
Stack type |
Public IP |
|---|---|
|
Xcode stacks |
74.122.200.0/22 |
|
208.52.166.154/32 and 208.52.166.128/28 |
|
|
207.254.0.248/29 and 207.254.0.208/28 |
|
|
207.254.34.148/32 and 207.254.33.176/28 |
|
|
Linux/Docker stacks |
104.197.15.74/32 |
|
34.123.172.192/32 |
|
|
34.125.50.224/32 |
|
|
34.125.82.130/32 |
|
|
34.134.193.138/32 |
|
|
34.138.187.10/32 |
|
|
34.150.152.190/32 |
|
|
34.162.185.129/32 |
|
|
34.162.202.37/32 |
|
|
34.162.229.32/32 |
|
|
34.162.29.153/32 |
|
|
34.162.88.79/32 |
|
|
34.23.207.105/32 |
|
|
34.85.139.176/32 |
|
|
34.85.240.93/32 |
|
|
34.86.56.118/32 |
|
|
35.202.121.43/32 |
|
|
35.225.44.167/32 |
|
|
35.231.56.118/32 |
|
|
35.237.165.17/32 |
|
|
35.243.148.182/32 |
|
|
35.245.56.67/32 |
IP address ranges for Bitrise backend workers
Bitrise backend workers are operating behind firewalls and NAT gateways. There are some use cases when our backend workers need to reach your services.
These addresses may be relevant if you use self-hosted Git services or store your bitrise.yml file in the repository. In this way Bitrise can, for example, access the bitrise.yml file, or send build status updates on commits and pull requests in a self-hosted repository.
|
IP address ranges |
|---|
|
74.122.200.0/22 |
|
35.232.76.43 |
|
34.68.119.18 |
|
34.135.186.58 |