Cloud Git Hosting using WebHooks to Connect to on-premise Continua

Hi,

Our build server system is made of on-premise Git hosting (TFS/ADS) and ContinuaCI/FinalBuilder. TFS is configured to use WebHooks to notify Continua about changes. We have plans to move the Git hosting to a cloud solution. BitBucket, for example, supports WebHooks. However, it is not clear what the process looks like, as the external system must pass a network boundary when sending an HTTP message to a local network. Possibly authentication can become an issue too.

Moving Continua/FinalBuilder to the cloud is not an option at this time. Also we don’t want to use Continua Polling, as this has caused high load on our Continua-Server in the past.

Any help appreciated.

Hi Thomas

Your CI server needs to be accessible over the internet, which means you will need to open a port on your firewall and map it to your internal server. You will probably also need an SSL certificate for your CI server - I guess you can use letsencrypt for that.

You will need to modify the repo’s manual polling URL

e.g. change

http://internalservername/ci/repositories/poll/03ecb364-7829-4d8e-b8b7-fce90cfc1234

to

https://externaldomain/ci/repositories/poll/03ecb364-7829-4d8e-b8b7-fce90cfc1234

I would also suggest you use your firewall capabilities to limit which IP addresses can connect to the server - most git cloud services will have a list of IP addresses they use for webhooks that you can whitelist on your firewall and block everything else. Without that you are exposing your CI server to bots etc for discovery and potential hacking or DDoS etc.

DISCLAIMER: Note that this is general advice, we do not recommend exposing CI servers to the internet and take no responsibility for any consequences.
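
The allowlist idea from the answer above, sketched as an added example that is not part of the original post or of Continua: an edge filter that forwards a request only when the TCP peer is inside an allowlisted range and the path is exactly the repository poll endpoint. The CIDR ranges are constructed placeholders from the documentation address blocks, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation blocks).
# Replace with the webhook source ranges your Git host publishes.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in
                    ("192.0.2.0/24", "198.51.100.16/28", "2001:db8:40::/48")]

# Only the poll endpoint shown in the thread is exposed; the last path
# segment must be a well-formed GUID. Pass the path without query string.
POLL_PATH = re.compile(
    r"/ci/repositories/poll/"
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
    re.IGNORECASE)


def source_allowed(peer_ip: str) -> bool:
    """Check the TCP peer address (never X-Forwarded-For) against the allowlist."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # malformed address: fail closed
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them
    # so they are matched against the IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in ALLOWED_NETWORKS)


def decide(peer_ip: str, path: str) -> int:
    """Return the status the edge filter answers with (200 means forward)."""
    if not source_allowed(peer_ip):
        return 403
    if POLL_PATH.fullmatch(path) is None:
        return 404  # every other CI route stays unreachable from outside
    return 200
```

The same two checks belong on the firewall or reverse proxy in front of the CI server; the code only makes the matching rules explicit, including the IPv4-mapped IPv6 case that a dual-stack listener produces.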

Hi Vincent,

Your general advice is just what I needed. The hint to an IP Allowlist will get me in the right direction. Thanks a lot for your help.