Network Configuration
Warning
PactFlow On-Premises 1.x is now in maintenance mode and receives security updates only. It will no longer be supported after March 11, 2026.
To benefit from the latest features and improvements, upgrade to version 2.x as soon as possible.
Firewall Configuration
Inbound
Application port
The PactFlow On-Premises application runs on port 9292 by default. This can be configured by setting the PACTFLOW_HTTP_PORT environment variable.
Outbound
Webhooks
The PactFlow On-Premises application provides webhooks that are primarily designed for triggering builds in the CI systems of integrated applications. They may also be used to provide status updates to source control systems (e.g., Github) or team chat software (eg. Slack). To enable PactFlow On-Premises to operate correctly, network access should be configured to systems that are likely to be the targets of these webhooks.
The host names of these services should also be whitelisted in the PACTFLOW_WEBHOOK_HOST_WHITELIST environment variable.
Certificate and TLS termination
The recommended configuration is to terminate TLS at the load balancer, communicating over HTTP to the target application servers.
If you would like to run PactFlow On-Premises in a TLS-everywhere configuration there are several options:
- Run the PactFlow On-Premises container with a sidecar reverse proxy such as nginx configured with the TLS configuration of your choosing. 
- Raise a feature request with us so that we can add it to our backlog and support it natively with the underlying application server (Puma).