Configure GitHub Enterprise with the DNS nameservers and hostname required in your network. You must also allow access to certain ports for administrative and user purposes.
About DNS nameservers
GitHub Enterprise automatically configures DNS settings on AWS and other DHCP environments, using nameservers provided in DHCP leases.
Configuring nameservers
If your DHCP server does not include nameservers, or if you need to use custom nameservers that differ from those in your DHCP server's leases, you can configure alternate DNS nameservers manually.
About subdomain isolation
Subdomain isolation securely separates user-supplied content from other portions of your GitHub Enterprise appliance. This mitigates cross-site scripting and other related vulnerabilities.
Enabling subdomain isolation
You can set up subdomain isolation to securely separate user-supplied content from other portions of your GitHub Enterprise appliance.
About TLS
TLS (Transport Layer Security), which replaced SSL, is enabled and configured with a self-signed certificate when GitHub Enterprise is started for the first time. As self-signed certificates are not trusted by web browsers and Git clients, these clients will report certificate warnings until you disable TLS or upload a certificate signed by a trusted authority.
Configuring TLS
GitHub Enterprise uses a self-signed certificate when it is first started. You should configure TLS to use a certificate that is signed by a certificate authority that is trusted by web browsers.
Configuring hostnames
We recommend setting a hostname for your appliance instead of using a hard-coded IP address. This lets you change the physical hardware that GitHub Enterprise runs on without affecting users or the client software.
Validating your domain settings
Ensure that your instance is properly configured before booting up your GitHub Enterprise instance for the first time.
Configuring a proxy server
A proxy server provides an additional level of security for your instance. Any outbound messages sent by GitHub Enterprise—such as outgoing webhooks, uploading bundles, or fetching legacy avatars—are first sent through the proxy server, unless the destination host is added as an HTTP proxy exclusion.
Configuring built-in firewall rules
GitHub Enterprise uses Ubuntu's UFW firewall on the virtual appliance.
Network ports to open
Open network ports selectively based on the network services you need to expose for administrative and user purposes.
Using GitHub Enterprise with a load balancer
Use a load balancer in front of a single GitHub Enterprise appliance or a pair of appliances in a High Availability configuration.