Skip to main content

Restricting the visibility of forwarded ports

You can set constraints on the visibility options users can choose when they forward ports from codespaces in your organization.

Who can use this feature

To manage access to port visibility constraints for the repositories in an organization, you must be an owner of the organization.

GitHub Codespaces está disponible para las organizaciones que usen GitHub Team o GitHub Enterprise Cloud. GitHub Codespaces también está disponible como versión beta limitada para usuarios individuales en los planes GitHub Free y GitHub Pro. Para más información, vea "Productos de GitHub".

Overview

Typically, within a codespace you are able to forward ports privately (only to yourself), to members of your organization, or publicly (to anyone with the URL). For more information, see "Forwarding ports in your codespace."

As an organization owner, you may want to configure constraints on the visibility options users can set when forwarding ports. For example, for security reasons, you may want to disallow public port forwarding. You do this by defining one or more policies in the GitHub Codespaces settings for your organization.

Behavior when you set a port visibility constraint

If there are existing codespaces that no longer conform to a policy you have defined, these codespaces will continue to operate until they are stopped or time out. When the user resumes the codespace, it will be subject to the policy constraints.

Note: You can't disable private port forwarding, as private port forwarding is required by GitHub Codespaces to continue working as designed, for example to forward SSH on port 22.

Setting organization-wide and repository-specific policies

When you create a policy you choose whether it applies to all repositories in your organization, or only to specified repositories. If you set an organization-wide policy then any policies you set for individual repositories must fall within the restriction set at the organization level. Adding policies makes the choice of visibility options more, not less, restrictive.

For example, you could create an organization-wide policy that restricts the visibility options to organization only. You can then set a policy for Repository A that disallows both public and organization visibility, which would result in only private port forwarding being available for this repository. Setting a policy for Repository A that allowed both public and organization would result in only organization visibility, because the organization-wide policy does not allow public visibility.

If you add an organization-wide policy, you should set it to the most lenient visibility option that will be available for any repository in your organization. You can then add repository-specific policies to further restrict the choice.

Nota: Las políticas de organización que definas para Codespaces solo se aplican a los codespaces para los que se facturará la organización. Si un usuario individual crea un codespace para un repositorio de tu organización y la organización no se factura, dicho codespace no estará enlazado por estas políticas. Para obtener información sobre cómo elegir quién puede crear codespaces que se facturan a tu organización, consulta "Habilitar GitHub Codespaces para tu organización".

Adding a policy to limit the port visibility options

  1. En la esquina superior derecha de GitHub.com, haga clic en la foto de perfil y luego en Your organizations. Opción Your organizations (Sus organizaciones) en el menú del perfil

  2. Junto a la organización, haga clic en Settings. El botón de configuración

  3. En la sección "Código, planificación y automatización" de la barra lateral, seleccione Codespaces y, después, haga clic en Directivas.

  4. En la página "Directivas de codespace", haga clic en Crear directiva.

  5. Ingresa un nombre para tu política nueva.

  6. Click Add constraint and choose Port visibility.

    Add a constraint for port visibility

  7. Click to edit the constraint.

    Edit the port visibility constraint

  8. Clear the selection of the port visibility options (Org or Public) that you don't want to be available.

    Choose the port visibility options

  9. En el área de "Cambiar destino de la política", haz clic en el botón desplegable.

  10. Elija All repositories o Selected repositories para determinar a qué repositorios se aplicará esta directiva.

  11. Si ha elegido Selected repositories:

    1. Haga clic en .

      Editar los ajustes para la política

    2. Selecciona los repositorios a los cuales quieres que aplique esta política.

    3. En la parte inferior de la lista de repositorios, haga clic en Select repositories.

      Selecciona los repositorios para esta política

  12. If you want to add another constraint to the policy, click Add constraint and choose another constraint. For information about other constraints, see "Restricting access to machine types," "Restricting the idle timeout period," and "Restricting the retention period for codespaces."

  13. After you've finished adding constraints to your policy, click Save.

Editing a policy

You can edit an existing policy. For example, you may want to add or remove constraints to or from a policy.

  1. Display the "Codespace policies" page. For more information, see "Adding a policy to limit the port visibility options."
  2. Click the name of the policy you want to edit.
  3. Make the required changes then click Save.

Deleting a policy

  1. Display the "Codespace policies" page. For more information, see "Adding a policy to limit the port visibility options."

  2. Click the delete button to the right of the policy you want to delete.

    The delete button for a policy