Outbound requests
This page describes any outbound network requests made by Octopus and Tentacle, and what information is included when Octopus checks for updates.
Outbound requests by Tentacle
For security reasons, we minimize the number of outbound requests made by the Tentacle deployment agent. The only outbound requests you should see are for:
- Certificate revocation list checking, which is a security feature of .NET.
- Automatic root certificate updates, again triggered by .NET.
- NuGet package downloads (only when using the Tentacle downloads directly from NuGet option).
- Connections back to the Octopus Server (only when Tentacle is configured in polling mode).
It's possible that scripts in your packages may make outbound requests; in this case you should take care when deploying packages created by a third party.
Outbound requests by Octopus
The Octopus Server makes the following outbound requests:
- Pushing packages and deployment instructions, and checking the health, of Tentacles.
- Downloading packages from the NuGet feeds that you configure.
- Windows Azure traffic (only when deploying to an Azure deployment target).
- Checking for updates (if enabled).
- Checking for updated built-in step templates (if enabled).
- Checking for updated community contributed step templates (if enabled).
- Behavioral telemetry is sent to https://telemetry.octopus.com (if enabled).
Built-in step templates
From Octopus 2022.1 some built-in step templates can be automatically updated. Octopus will make requests to the following URLs in order to check for and download updated versions of step templates:
steps-feed.octopus.comstepsprodpackages.blob.core.windows.net. The infrastructure for the service that hosts the updated versions of step templates runs in Azure.
Community contributed step templates
Our community contributed step template integration queries library.octopus.com for updates.
What information is included when Octopus checks for updates?
By default, Octopus will periodically check for new releases. You can opt-out of checking for updates by navigating to Configuration ➜ Settings ➜ Updates in Octopus.
When the "Check for updates" option is enabled, Octopus will make a HTTPS request to the octopus.com domain every 8 hours. This request includes:
- The current Octopus Deploy version number that you are running.
- A unique installation ID.
Microsoft Azure
The Octopus.com site is hosted on Microsoft Azure, so you will see traffic going to Azure services.
In this section
The following topics are explained further in this section:
Need support? We're here to help.