Service ports

Map Bugsnag's services to user-friendly hostnames and ports.

Bugsnag exposes a number of services, which you may wish to map to user-friendly hostnames and ports. Depending on your network configuration, you may need to configure your firewall, proxy or load balancer to make these changes.

Bugsnag dashboard

The main Bugsnag dashboard. Exposed on TCP port 49080.

We recommend you expose this on your internal network, so your teams can access Bugsnag in their browsers.

Health check information

URL: http://bugsnag.your-domain.com:49080/monitoring/health

Status Code: 200

Response Content: Empty response

Bugsnag event server

The write-only error and deploy reporting endpoint. Exposed on TCP port 49000.

This is where your applications will notify Bugsnag about errors and deploys. If you are sending crashes to Bugsnag from client-side applications (JavaScript & mobile) or applications outside your data center, you’ll need to expose this endpoint to the public internet.

Health check information

URL: http://bugsnag.your-domain.com:49000/ping

Status Code: 200

Response Content: “pong”

Bugsnag upload server

The write-only build artifact upload endpoint. Exposed on TCP port 49001.

If you are using Bugsnag with obfuscated iOS, macOS, Android, or JavaScript applications, we’ll recombine crashes with these build artifacts to help you with debugging.

Health check information

URL: http://bugsnag.your-domain.com:49001/ping

Status Code: 200

Response Content: “pong”

Bugsnag hooks server

The webhook endpoint used for two-way issue tracker integrations. Exposed on TCP port 49002.

We recommend you expose this to any issue tracker integrations you have configured.

Health check information

URL: http://bugsnag.your-domain.com:49002/ping

Status Code: 200

Response Content: “pong”

Bugsnag sessions server

The write-only sessions reporting endpoint. Exposed on TCP port 49003.

This is where your applications will notify Bugsnag about sessions. Sessions reported are used to calculate stability scores used on the releases dashboard. If you are sending session reports to Bugsnag from client-side applications (javascript & mobile) or applications outside your data center, you’ll need to expose this endpoint to the public internet.

Health check information

URL: http://bugsnag.your-domain.com:49003/ping

Status Code: 200

Response Content: “pong”

Bugsnag Build API

The Bugsnag Build API is exposed on the TCP port 49004.

This is where your applications can provide extra information whenever you build, release, or deploy your application.

Health check information

URL: http://bugsnag.your-domain.com:49004/ping

Status Code: 200

Response Content: “pong”

Bugsnag Data Access API

The Bugsnag Data Access API is exposed on the same TCP port as the dashboard, 49080, however to access this you have to set the X-Bugsnag-API: true header.

Health check information

The health check for the API is the same as the Bugsnag dashboard. Please see the health check section for the dashboard.

Grafana dashboard

Exposed on TCP port 49300.

This is where you can monitor your On-premise instance using pre built graphs and alerts.

Securing your instance

If you plan on running your Bugsnag instance in a non-isolated network alongside other machines and users, we recommend securing it with a firewall and whitelisting only the ports that need to be generally accessible (see below). This will ensure that only the required services are exposed to the network.

Example iptables rules

Below is an example of iptables rules that will allow only the required service ports and block all others:

EXTERNAL_INTERFACE=eth0
# This will allow ports for selected docker containers and block all others
iptables -N PRE-DOCKER-USER
iptables -I DOCKER-USER -j PRE-DOCKER-USER
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 80 -j ACCEPT # Optional if running nginx proxy container
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 443 -j ACCEPT # Optional if running nginx proxy container
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 8800 -j ACCEPT # Replicated management page
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49080 -j ACCEPT # Bugsnag dashboard
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49000 -j ACCEPT # Bugsnag notify
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49001 -j ACCEPT # Bugsnag upload
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49002 -j ACCEPT # Bugsnag hooks
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49003 -j ACCEPT # Bugsnag sessions
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49004 -j ACCEPT # Bugsnag builds
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -p tcp -m conntrack --ctorigdstport 49300 -j ACCEPT # Grafana
iptables -A PRE-DOCKER-USER -i ${EXTERNAL_INTERFACE} -j DROP
# This will allow ports for selected non-docker applications and block all others
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -p tcp --dport 22 -j ACCEPT # Allow SSH to the box
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -p tcp --dport 80 -j ACCEPT # Optional if running nginx proxy outside of docker
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -p tcp --dport 443 -j ACCEPT # Optional if running nginx proxy outside of docker
iptables -A INPUT -i ${EXTERNAL_INTERFACE} -j DROP

You will need to use iptables-save for these rules to persist a restart.