I am not allowed to have Bitbucket connect to my production server (security), so I need to have that server connect and pull the final code from Bitbucket.
Is this possible?
Hi Andrew and welcome to the community!
You don't have to make your server accessible from anywhere on the internet, but it needs to be accessible from the IPs that Bitbucket is using. Otherwise, there is no way for your server to reach Bitbucket Cloud.
You can find on the following link the IPs and ports that Bitbucket Cloud is using:
The ports are mentioned in the first paragraph and the IPs in the section Valid IP addresses for bitbucket.org, api.bitbucket.org, and altssh.bitbucket.org.
Kind regards,
Theodora
The problem is that's several IP ranges, and our security just won't allow it.
Is there any solution to this?
Hi Andrew,
If you only use IPv4, then you only need to whitelist the following ranges (and not everything from that page):
104.192.136.0/21
185.166.140.0/22
18.205.93.0/25
18.234.32.128/25
13.52.5.0/25
If that is still a lot for your security team, and if you only need to clone/pull a Bitbucket Cloud repo (and not use our API), then you could:
Please keep in mind though that if the firewall or a proxy in your network tries to resolve bitbucket.org again and ends up getting a different IP than the one set on the hosts file, the operation will fail.
This is not a recommended setup because the IPs we use could change at any time. In case this happens, there will be a failure again until you update the hosts file and your firewall with one of the new IPs.
Kind regards,
Theodora
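A check a defender could run from cron before each pull, given the caveats in the reply above (added example, not part of the original thread and not Atlassian code): it confirms that the address pinned for bitbucket.org in a hosts file lies inside the IPv4 ranges quoted in the reply and flags the pin when DNS no longer returns it. The function names, the sample hosts file and the sample addresses are constructed assumptions.

```python
import ipaddress

# IPv4 ranges quoted in the reply above.
ALLOWED_RANGES = [ipaddress.ip_network(c) for c in (
    "104.192.136.0/21", "185.166.140.0/22", "18.205.93.0/25",
    "18.234.32.128/25", "13.52.5.0/25",
)]


def pinned_address(hosts_text, hostname="bitbucket.org"):
    """Return the IPv4 address a hosts file pins for hostname, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and hostname in fields[1:]:
            try:
                addr = ipaddress.ip_address(fields[0])
            except ValueError:
                continue  # malformed entry, keep scanning
            if addr.version == 4:
                return addr
    return None


def check_pin(hosts_text, resolved, hostname="bitbucket.org"):
    """Classify the pin: 'no-pin', 'outside-allowlist', 'stale' or 'ok'.

    resolved: addresses DNS currently returns for hostname (strings).
    """
    pin = pinned_address(hosts_text, hostname)
    if pin is None:
        return "no-pin"
    if not any(pin in net for net in ALLOWED_RANGES):
        return "outside-allowlist"
    if resolved and pin not in {ipaddress.ip_address(r) for r in resolved}:
        return "stale"  # DNS no longer hands out the pinned address
    return "ok"


# Constructed sample data (not real lookups).
SAMPLE_HOSTS = """127.0.0.1 localhost
104.192.136.10 bitbucket.org  # pinned for git pull
"""

if __name__ == "__main__":
    print(check_pin(SAMPLE_HOSTS, ["104.192.136.10", "104.192.136.11"]))
    print(check_pin(SAMPLE_HOSTS, ["185.166.140.7"]))
```

A "stale" result does not mean the pull will fail yet; it is an early signal to review the pin and the firewall rule before the old address stops answering.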
104.192.136.0/21 is a range, not an IP; I can't edit the host file to resolve to a range.