Using Flow with an internal server or behind a firewall

Tags: Flow

Many customers host their Git repositories on internal servers using GitHub Enterprise, GitLab, Bitbucket Server, Jira, or similar products. Flow needs to access these servers in order to collect the data used to calculate your metrics.

This can be accomplished securely by allowing access via HTTPS or SSH access to internal repositories. This ensures that all data transmitted to Flow is transmitted over a secure protocol.

Note: HTTPS access is recommended.


To make sure Flow can access your data:

  1. On your internal Git server, add Flow's static IP addresses to your allowlist:
    Flow static IP addresses
  2. Open up a port on your network.
  3. Once we have confirmed a secure connection with Flow, you may import your repos via one of our supported Git hosts or via SSH or HTTPS.

Note: If you use an internal Git or ticketing server to integrate with Flow, you may have an additional web application firewall (WAF). If so, allowlist these IPs for that firewall and adjust your WAF rate limits as needed.

Using Flow with an internal server using a private domain

By default, the internal servers hosting your projects and repositories need to be configured with a public domain so Flow can ingest your data. 

Flow collects the URLs of projects and resources from your internal server’s API. If those URLs include a private domain, Flow is unable to locate projects and resources associated with them. While you can set up the initial integration to these providers, no data will be imported.

If your internal server uses a private domain, work with your network or on-premises server administrator to set up a reverse proxy. A reverse proxy and additional configuration to your systems by your administrators, will transform your private URLs into public URLs in the API response to Flow, allowing Flow to successfully ingest your data.

back to top

If you need help, please contact Pluralsight Support.