This page describes any outbound network requests made by Octopus and Tentacle, and what information is included when Octopus checks for updates.
Outbound requests by Tentacle
For security reasons, we minimize the number of outbound requests made by the Tentacle deployment agent. The only outbound requests you should see are for:
- Certificate revocation list checking, which is a security feature of .NET.
- Automatic root certificate updates, again triggered by .NET.
- NuGet package downloads (only when using the Tentacle downloads directly from NuGet option).
- Connections back to the Octopus Server (only when Tentacle is configured in polling mode).
It's possible that scripts in your packages may make outbound requests; in this case you should take care when deploying packages created by a third party.
Outbound requests by Octopus
The Octopus Server makes the following outbound requests:
- Pushing packages and deployment instructions, and checking the health, of Tentacles.
- Downloading packages from the NuGet feeds that you configure.
- Windows Azure traffic (only when deploying to an Azure deployment target).
- Checking for updates (if enabled).
- Checking for updated community contribute step templates (if enabled).
NOTE: Our community contributed step template integration queries
library.octopus.com for updates.
What information is included when Octopus checks for updates?
By default, Octopus will periodically check for new releases. You can opt-out of checking for updates by navigating to Configuration ➜ Settings ➜ Updates in Octopus.
When the "Check for updates" option is enabled, Octopus will make a HTTPS request to the
octopus.com domain every 8 hours. This request includes:
- The current Octopus Deploy version number that you are running.
- A unique installation ID.
The Octopus.com site is hosted on Microsoft Azure, so you will see traffic going to Azure services.
In this section
The following topics are explained further in this section:
Need support? We're here to help.