Open network ports selectively based on the network services you need to expose for administrators, end users, and email support.

Administrative ports

Some administrative ports are required to configure your GitHub Enterprise instance and run certain features. Administrative ports are not required for basic application use by end users.

Port Service Description
8443 HTTPS Secure web-based Management Console. Required for basic installation and configuration.
8080 HTTP Plain-text web-based Management Console. Not required unless SSL is disabled manually.
122 SSH Shell access for your GitHub Enterprise instance. The default SSH port (22) is dedicated to Git and SSH application network traffic.
1194/UDP VPN Secure replication network tunnel in High Availability configuration.
123/UDP NTP Required for time protocol operation.
161/UDP SNMP Required for network monitoring protocol operation.

Application ports for end users

Application ports provide web application and Git access for end users.

Port Service Description
443 HTTPS Access to the web application and Git over HTTPS.
80 HTTP Access to the web application. All requests are redirected to the HTTPS port when SSL is enabled.
22 SSH Access to Git over SSH. Supports clone, fetch, and push operations to public and private repositories.
9418 Git Git protocol port supports clone and fetch operations to public repositories with unencrypted network communication.

Warning: When terminating HTTPS connections on a load balancer, the requests from the load balancer to GitHub Enterprise also need to use HTTPS. Downgrading the connection to HTTP is not supported.

Email ports

Email ports must be accessible directly or via relay for inbound email support for end users.

Port Service Description
25 SMTP Support for SMTP with encryption (STARTTLS).