Configure GitHub Enterprise with the DNS nameservers and hostname required in your network. You must also allow access to certain ports for administrative and user purposes.

About DNS nameservers

GitHub Enterprise automatically configures DNS settings on AWS and other DHCP environments, using nameservers provided in DHCP leases.

Configuring nameservers

If your DHCP server does not provide nameservers, or if you need to use custom nameservers that differ from those in your DHCP server's leases, you can configure alternate DNS nameservers manually.

About subdomain isolation

Subdomain isolation securely separates user-supplied content from other portions of your GitHub Enterprise appliance. This mitigates cross-site scripting and other related vulnerabilities.

Enabling subdomain isolation

You can set up subdomain isolation to securely separate user-supplied content from other portions of your GitHub Enterprise appliance.

About TLS

TLS (Transport Layer Security), which replaced SSL, is enabled and configured with a self-signed certificate when GitHub Enterprise is started for the first time. As self-signed certificates are not trusted by web browsers and Git clients, these clients will report certificate warnings until you disable TLS or upload a certificate signed by a trusted authority.

Configuring TLS

GitHub Enterprise uses a self-signed certificate when it is first started. You should configure TLS to use a certificate that is signed by a certificate authority that is trusted by web browsers.

Configuring hostnames

We recommend setting a hostname for your appliance instead of using a hard-coded IP address. This lets you change the physical hardware that GitHub Enterprise runs on without affecting users or the client software.

Validating your domain settings

Ensure that your GitHub Enterprise instance is properly configured before booting it up for the first time.

Configuring a proxy server

A proxy server provides an additional level of security for your instance. Any outbound messages sent by GitHub Enterprise—such as outgoing webhooks, uploading bundles, or fetching legacy avatars—are first sent through the proxy server, unless the destination host is added as an HTTP proxy exclusion.

Configuring built-in firewall rules

GitHub Enterprise uses Ubuntu's UFW firewall on the virtual appliance.

Network ports to open

Open network ports selectively based on the network services you need to expose for administrative and user purposes.