Network Configuration
Firewall Configuration
Inbound
Application port
By default, the PactFlow On-Premises application runs on port 9292. To change it, set the PACTFLOW_HTTP_PORT environment variable.
Outbound
Webhooks
The PactFlow On-Premises application provides webhooks that are designed for triggering builds in the CI systems of integrated applications. You can also use them to provide status updates to source control systems (such as Github) or team chat software (for example, Slack). To enable PactFlow On-Premises to operate correctly, you must configure network access to systems that are likely to be the targets of these webhooks.
Note
You should whitelist the host names of these services in the PACTFLOW_WEBHOOK_HOST_WHITELIST environment variable.
Certificate and TLS termination
The recommended configuration is to handle TLS (HTTPS) at the load balancer. From there, use plain HTTP to talk to the app servers. Inside the container, the servers use local sockets to talk to the internal applications.
If you want to run PactFlow On-Premises in a TLS-everywhere configuration, modify the HAProxy configuration file (/tmp/haproxy.cfg) to bind the certificate to the frontend, and ensure the certificate is appropriately mounted or added to the container.
Refer to the HAProxy documentation for more information.