Introduction
The Linux instance that runs Terraform Enterprise requires specific network configurations to allow incoming access for users and administrators. The instance also needs outbound access to several external services for software updates and resource downloads.
Ingress Requirements
The following inbound ports must be accessible:
- 22: Allows SSH access to the instance for administration and debugging.
- 80: Allows access to the Terraform Enterprise application via HTTP. This port redirects to port 443.
- 443: Allows access to the Terraform Enterprise application via HTTPS.
- 8800: Allows access to the installer dashboard.
- 9870-9880 (inclusive): Used for internal communication on the host and its subnet. This range should not be publicly accessible.
- 23000-23100 (inclusive): Used for internal communication on the host and its subnet. This range should not be publicly accessible.
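The following is an added example, not part of the Terraform Enterprise documentation: a small Python audit that checks a set of allow rules against the ingress ports listed above. The rule format `(from_port, to_port, source_cidr)`, the function name `audit_ingress`, and the sample rules are assumptions made for illustration, and the check treats any source outside the host's subnet as exposure of the two internal ranges.

```python
import ipaddress

# Ingress ports from the list above: (first, last, internal_only)
REQUIRED = [(22, 22, False), (80, 80, False), (443, 443, False),
            (8800, 8800, False), (9870, 9880, True), (23000, 23100, True)]

def audit_ingress(rules, host_subnet):
    """rules: iterable of (from_port, to_port, source_cidr) allow rules.
    Returns a list of finding strings; an empty list means the rules match."""
    subnet = ipaddress.ip_network(host_subnet)
    parsed = [(lo, hi, ipaddress.ip_network(cidr)) for lo, hi, cidr in rules]
    findings = []
    for first, last, internal_only in REQUIRED:
        label = str(first) if first == last else f"{first}-{last}"
        # Every port in the required range must be covered by some rule.
        missing = [p for p in range(first, last + 1)
                   if not any(lo <= p <= hi for lo, hi, _ in parsed)]
        if missing:
            findings.append(f"MISSING {label}: {len(missing)} port(s) not allowed")
        if internal_only:
            # Internal ranges may only be reachable from the host's own subnet.
            for lo, hi, src in parsed:
                overlaps = lo <= last and hi >= first
                inside = src.version == subnet.version and src.subnet_of(subnet)
                if overlaps and not inside:
                    findings.append(f"EXPOSED {label}: open to {src}")
    return findings

# Constructed sample rule set (addresses are documentation/private ranges).
SAMPLE_RULES = [
    (22, 22, "203.0.113.0/24"),
    (80, 80, "0.0.0.0/0"),
    (443, 443, "0.0.0.0/0"),
    (9870, 9880, "10.0.1.0/24"),
    (23000, 23100, "0.0.0.0/0"),   # internal range opened to the internet
]                                  # note: no rule for 8800

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES, "10.0.1.0/24"):
        print(finding)
```
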
Egress Requirements
Online Mode
If you install Terraform Enterprise in online mode, it requires outbound access to the following hostnames for software updates. Air-gapped installations do not require this access.
- api.replicated.com
- get.replicated.com
- registry-data.replicated.com
- registry.replicated.com
- quay.io
- quay-registry.s3.amazonaws.com
- index.docker.io
- auth.docker.io
- registry-1.docker.io
- download.docker.com
- production.cloudflare.docker.com
Additional Services
Terraform Enterprise requires access to the following hostnames for its core operations, unless you supply a custom Terraform bundle.
- registry.terraform.io: Required for Terraform 0.12 and later.
- releases.hashicorp.com
When Cost Estimation is enabled, Terraform Enterprise accesses the respective cloud provider APIs for pricing information.
- api.pricing.us-east-1.amazonaws.com
- cloud.google.com
- azure.microsoft.com
Additional Information
For additional details and edge cases regarding network requirements, refer to the Terraform Enterprise Network Requirements documentation.