Skip to main content

Configuring network access for Bitrise

Abstract

You can access Bitrise virtual machines from behind a private network or a firewall. To do so, allowlist our build machine IP addresses in your network.

Our datacenters are behind a set of public static IP addresses, with the virtual machines having their own internal subnets behind these addresses. Depending on your company security policy, you may need to allowlist the public IP addresses to be able to access the build machine: IP addresses for the Bitrise build machines

Similarly, the Bitrise website and its background workers are accessible at a set of static IP addresses. Allowlisting these addresses can ensure you can still receive build status updates or that Bitrise can access the bitrise.yml file: IP addresses for the Bitrise website of your app.

Connecting via a VPN

You can connect to Bitrise via a VPN - but it can cause a conflict if your local network uses the same address space as our build VMs. In such a case, the VPN may detect a clash and return an error. In this case, the only solution is to re-configure your local address space to use different subnets than our virtual machines.

Connecting to a VPN during a build.

IP addresses for the Bitrise build machines

For most users, who host their repositories on cloud-based service providers, there is no need for any network configuration to be able to use Bitrise. All we need is permission to access the repository and for that, an SSH key is enough.

However, your company security policy might not allow unknown and unauthorized IP addresses to communicate with the servers where your code is being stored - either on your own datacenter or in a private cloud. In that case, Bitrise won’t work unless the relevant IP addresses are added to your allow list.

Private build platforms

The IP addresses listed in Table 1, “External and internal IP addresses for the build machines are only relevant for users who use our public cloud platform. Users on our private build platforms should contact their customer success managers for any assistance with network configuration.

To make sure you can access our build machines from behind a firewall or from a private cloud:

  1. Check what type of stacks your company uses.

  2. Look up the IP addresses belonging to those stacks in Table 1, “External and internal IP addresses for the build machines.

    IP addresses for different machine types

    Please note that the different stack types have different public IPs. If, for example, you only use the Xcode stacks, there is no need to allowlist the IPs belonging to the Linux/Docker environments.

  3. Allowlist all the IP addresses you need.

    Allowlist the entire subnet

    If the provided public IP address is a subnet, you need to allow the entire subnet on your network! For example, 208.52.166.128/28 means all IP addresses between 208.52.166.128 and 208.52.166.143 (208.52.166.128, 208.52.166.129, 208.52.166.130, and so on, all the way to and including 208.52.166.143) have to be allowlisted.

Table 1. External and internal IP addresses for the build machines

Stack type

Public IP

Build VM internal subnet

Xcode stacks

208.52.166.154/32 and

208.52.166.128/28

10.200.0.0/20

207.254.0.248/29 and

207.254.0.208/28

10.246.0.0/20

207.254.34.148/32 and

207.254.33.176/28

10.254.224.0/20

Linux/Docker stacks

104.197.15.74/32

10.0.0.0/9

34.123.172.192/32

10.0.0.0/9

34.125.50.224/32

10.0.0.0/9

34.125.82.130/32

10.0.0.0/9

34.134.193.138/32

10.0.0.0/9

34.138.187.10/32

10.0.0.0/9

34.150.152.190/32

10.0.0.0/9

34.162.185.129/32

10.0.0.0/9

34.162.202.37/32

10.0.0.0/9

34.162.229.32/32

10.0.0.0/9

34.162.29.153/32

10.0.0.0/9

34.162.88.79/32

10.0.0.0/9

34.23.207.105/32

10.0.0.0/9

34.85.139.176/32

10.0.0.0/9

34.85.240.93/32

10.0.0.0/9

34.86.56.118/32

10.0.0.0/9

35.202.121.43/32

10.0.0.0/9

35.225.44.167/32

10.0.0.0/9

35.231.56.118/32

10.0.0.0/9

35.237.165.17/32

10.0.0.0/9

35.243.148.182/32

10.0.0.0/9

35.245.56.67/32

10.0.0.0/9


IP addresses for the Bitrise website

The Bitrise website is reachable via a set of static IP addresses: the website itself and all its background workers are running on these addresses.

These addresses may be relevant if you use self-hosted Git services or store your bitrise.yml file in the repository. In this case, we recommend allowlisting the relevant IP addresses in order to ensure your network can connect to our workers. In this way Bitrise can, for example, access the bitrise.yml file, or send build status updates on commits and pull requests in a self-hosted repository.

Table 1. Static IP addresses for the Bitrise website and its background workers

IP addresses

35.232.76.43

34.68.119.18

34.135.186.58