Outbound requests

This page describes any outbound network requests made by Octopus and Tentacle, and what information is included when Octopus checks for updates.

Outbound requests by Tentacle

For security reasons, we minimize the number of outbound requests made by the Tentacle deployment agent. The only outbound requests you should see are for:

• Certificate revocation list checking, which is a security feature of .NET.
• Automatic root certificate updates, again triggered by .NET.
• NuGet package downloads (only when using the Tentacle downloads directly from NuGet option).
• Connections back to the Octopus Server (only when Tentacle is configured in polling mode).

It's possible that scripts in your packages may make outbound requests; in this case you should take care when deploying packages created by a third party.

Outbound requests by Octopus

The Octopus Server makes the following outbound requests:

1. Pushing packages and deployment instructions, and checking the health, of Tentacles.
2. Downloading packages from the NuGet feeds that you configure.
3. Windows Azure traffic (only when deploying to an Azure deployment target).
4. Checking for updates (if enabled).
5. Checking for updated community contribute step templates (if enabled).

NOTE: Our community contributed step template integration queries library.octopus.com for updates.

What information is included when Octopus checks for updates?

By default, Octopus will periodically check for new releases. You can opt-out of checking for updates by navigating to Configuration ➜ Settings ➜ Updates in Octopus.

When the "Check for updates" option is enabled, Octopus will make a HTTPS request to the octopus.com domain every 8 hours. This request includes:

• The current Octopus Deploy version number that you are running.
• A unique installation ID (read more below).

In this section

The following topics are explained further in this section:

• Telemetry

Need support? We're here to help.