Configuring network access for Bitrise build machines

For most users, who host their repositories on cloud-based service providers, there is no need for any network configuration to be able to use Bitrise. All we need is permission to access the repository and for that, an SSH key is enough.

However, your company security policy might not allow unknown and unauthorized IP addresses to communicate with the servers where your code is being stored - either on your own datacenter or in a private cloud. In that case, Bitrise won’t work unless the relevant IP addresses are added to your allow list.

Our datacenters are behind a set of public static IP addresses, with the virtual machines having their own internal subnets behind these addresses. Depending on your company security policy, you may need to allowlist the public IP addresses to be able to access the build machines.

Private build platforms

The IP addresses listed in Table 1, “External and internal IP addresses for the build machines are only relevant for users who use our public cloud platform. Users on our private build platforms should contact their customer success managers for any assistance with network configuration.

To make sure you can access our build machines from behind a firewall or from a private cloud:

  1. Check what type of stacks your company uses.

  2. Look up the IP addresses belonging to those stacks in Table 1, “External and internal IP addresses for the build machines.

  3. Allowlist all the IP addresses you need.

Allowlist the entire subnet

If the provided public IP address is a subnet, you need to allow the entire subnet on your network! For example, 208.52.166.128/28 means all IP addresses between 208.52.166.128 and 208.52.166.143 (208.52.166.128, 208.52.166.129, 208.52.166.130, and so on, all the way to and including 208.52.166.143) have to be allowlisted.

IP addresses for different machine types

Please note that the different stack types have different public IPs. If, for example, you only use the Xcode stacks, there is no need to allowlist the IPs belonging to the Linux/Docker environments.

Connecting via a VPN

You can connect to Bitrise via a VPN - but it can cause a conflict if your local network uses the same address space as our build VMs. In such a case, the VPN may detect a clash and return an error. In this case, the only solution is to re-configure your local address space to use different subnets than our virtual machines.

Table 1. External and internal IP addresses for the build machines

Stack type

Public IP

Build VM internal subnet

Xcode and VS4Mac stacks

208.52.166.154/32 and

208.52.166.128/28

10.200.0.0/20

207.254.0.248/29 and

207.254.0.208/28

10.246.0.0/20

207.254.34.148/32 and

207.254.33.176/28

10.254.224.0/20

Linux/Docker stacks

104.197.15.74/32

10.0.0.0/9

34.125.50.224/32

10.0.0.0/9

34.125.82.130/32

10.0.0.0/9

35.202.121.43/32

10.0.0.0/9

35.237.165.17/32

10.0.0.0/9

35.231.56.118/32

10.0.0.0/9