Open network ports selectively based on the network services you need to expose for administrators, end users, and email support.
In this article
Some administrative ports are required to configure your GitHub Enterprise Server instance and run certain features. Administrative ports are not required for basic application use by end users.
|8443||HTTPS||Secure web-based Management Console. Required for basic installation and configuration.|
|8080||HTTP||Plain-text web-based Management Console. Not required unless SSL is disabled manually.|
|122||SSH||Shell access for your GitHub Enterprise Server instance. Required to be open to incoming connections from all other nodes in a High Availability configuration. The default SSH port (22) is dedicated to Git and SSH application network traffic.|
|1194/UDP||VPN||Secure replication network tunnel in High Availability configuration. Required to be open to all other nodes in the configuration.|
|123/UDP||NTP||Required for time protocol operation.|
|161/UDP||SNMP||Required for network monitoring protocol operation.|
Application ports for end users
Application ports provide web application and Git access for end users.
|443||HTTPS||Access to the web application and Git over HTTPS.|
|80||HTTP||Access to the web application. All requests are redirected to the HTTPS port when SSL is enabled.|
|22||SSH||Access to Git over SSH. Supports clone, fetch, and push operations to public and private repositories.|
|9418||Git||Git protocol port supports clone and fetch operations to public repositories with unencrypted network communication.|
Warning: When terminating HTTPS connections on a load balancer, the requests from the load balancer to GitHub Enterprise Server also need to use HTTPS. Downgrading the connection to HTTP is not supported.
Email ports must be accessible directly or via relay for inbound email support for end users.
|25||SMTP||Support for SMTP with encryption (STARTTLS).|