Map BugSnag’s services to user-friendly hostnames and ports.
This page refers to BugSnag On-premise legacy single machine version 3. For the latest information please see BugSnag On-premise.
BugSnag exposes a number of services, which you may wish to map to user-friendly hostnames and ports. Depending on your network configuration, you may need to configure your firewall, proxy or load balancer to make these changes.
The main BugSnag dashboard. Exposed on TCP port 49080.
We recommend you expose this on your internal network, so your teams can access BugSnag in their browsers.
URL: http://bugsnag.your-domain.com:49080/monitoring/health
Status Code: 200
Response Content: Empty response
The write-only error and deploy reporting endpoint. Exposed on TCP port 49000.
This is where your applications will notify BugSnag about errors and deploys. If you are sending crashes to BugSnag from client-side applications (JavaScript & mobile) or applications outside your data center, you’ll need to expose this endpoint to the public internet.
URL: http://bugsnag.your-domain.com:49000/ping
Status Code: 200
Response Content: “pong”
The write-only build artifact upload endpoint. Exposed on TCP port 49001.
If you are using BugSnag with obfuscated iOS, macOS, Android, or JavaScript applications, we’ll recombine crashes with these build artifacts to help you with debugging.
URL: http://bugsnag.your-domain.com:49001/ping
Status Code: 200
Response Content: “pong”
The webhook endpoint used for two-way issue tracker integrations. Exposed on TCP port 49002.
We recommend you expose this to any issue tracker integrations you have configured.
URL: http://bugsnag.your-domain.com:49002/ping
Status Code: 200
Response Content: “pong”
The write-only sessions reporting endpoint. Exposed on TCP port 49003.
This is where your applications will notify BugSnag about sessions. Sessions reported are used to calculate stability scores used on the releases dashboard. If you are sending session reports to BugSnag from client-side applications (javascript & mobile) or applications outside your data center, you’ll need to expose this endpoint to the public internet.
URL: http://bugsnag.your-domain.com:49003/ping
Status Code: 200
Response Content: “pong”
The BugSnag Build API is exposed on the TCP port 49004.
This is where your applications can provide extra information whenever you build, release, or deploy your application.
URL: http://bugsnag.your-domain.com:49004/ping
Status Code: 200
Response Content: “pong”
The BugSnag Data Access API is exposed on the same TCP port as the dashboard, 49080, however to access this you have to set the X-Bugsnag-API: true header.
The health check for the API is the same as the BugSnag dashboard. Please see the health check section for the dashboard.
Exposed on TCP port 49300.
This is where you can monitor your On-premise instance using pre built graphs and alerts.
If you plan on running your BugSnag instance in a non-isolated network alongside other machines and users, we recommend securing it with a firewall and whitelisting only the ports that need to be generally accessible (see below). This will ensure that only the required services are exposed to the network.
Below is an example of iptables rules that will allow only the required service ports and block all others:
EXTERNAL_INTERFACE=eth0
# This will allow ports for selected docker containers and block all others
iptables -N PRE-DOCKER-USER
iptables -I DOCKER-USER -j PRE-DOCKER-USER
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 80 -j ACCEPT # Optional if running nginx proxy container
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 443 -j ACCEPT # Optional if running nginx proxy container
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 8800 -j ACCEPT # Replicated management page
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49080 -j ACCEPT # BugSnag dashboard
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49000 -j ACCEPT # BugSnag notify
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49001 -j ACCEPT # BugSnag upload
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49002 -j ACCEPT # BugSnag hooks
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49003 -j ACCEPT # BugSnag sessions
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49004 -j ACCEPT # BugSnag builds
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49300 -j ACCEPT # Grafana
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -j DROP
# This will allow ports for selected non-docker applications and block all others
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -p tcp --dport 22 -j ACCEPT # Allow SSH to the box
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -p tcp --dport 80 -j ACCEPT # Optional if running nginx proxy outside of docker
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -p tcp --dport 443 -j ACCEPT # Optional if running nginx proxy outside of docker
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -j DROP
You will need to use iptables-save for these rules to persist a restart.