Configuration requirements for HipChat Data Center deployment
The information on this page provides more configuration details for the services you must set up before you deploy a HipChat Data Center instance.
These configuration requirements are the same for both small- and Enterprise-scale deployments, so make sure you read this page top to bottom!
Network configuration requirements
- The HipChat nodes should be deployed on a private network. If you're on AWS, we recommend that you deploy on a dedicated virtual private cloud (VPC). You should only be able to access the nodes through the load balancer, or directly by using SSH.
- Each HipChat node must have unrestricted network access to the other nodes.
- Your private network should only allow inbound connections on port 80 (HTTP), 443 (HTTPS), and 22 (SSH). (See the load balancer configuration details below.)
- SSL must be terminated at the load balancer.
- The private network on which you deploy should allow outbound access or have a forward proxy. If your organization uses a DMZ, you can deploy the load balancer there.
The HipChat nodes also require access to ports 53 for DNS and 123 for NTP, and may require additional access to enable optional features such as email notifications, Add-ons, HipChat Video, and mobile notifications. You may need to write additional firewall rules to allow this access. See the HipChat node requirements for more information.
HipChat node requirements
- Each node must have a static IPv4 address. (This IP should not be accessible by the public internet.)
- The nodes must be configured in the UTC timezone, and must keep the time synchronized using NTP.
- To use NTP, the nodes must be able to access port 123 over TCP/UDP.
- Each node must have a unique hostname. This name must be unique among all members of the cluster.
For clarity in logs and troubleshooting, the name should also be different from the public DNS entry used by the load balancer.
- To use DNS, the nodes must be able to access port 53 over TCP/UDP.
Outgoing TCP ports for optional features
Depending on which HipChat features you choose to enable, you may need to unblock or write firewall rules for the following outbound connections. If you are using a forward proxy, you can use it to access most of these services without writing rules.
|Email notifications||25 TCP||If your SMTP server is accessible by the HipChat nodes from inside the network, this is not required.|
|Native mobile notifications||443 TCP to||You can whitelist all of|
|HipChat video||443 TCP to||The HipChat nodes require one-time access to the central Video server to register themselves. (Clients require access on port 1000.)|
|Add-ons||443 TCP to||Used for retrieving Add-ons listings from the Atlassian Marketplace. Add-ons may require additional access to function correctly.|
|Analytics reporting ("Phone home")||443 TCP to||We use the statistics reported to these servers to help make HipChat better!|
Postgres database requirements
- If you're deploying a highly available (HA) Enterprise-scale HipChat Data Center instance, Postgres must also be configured to be highly available.
- You must use the Postgres default port
- Record the IP or DNS address of the host, or an endpoint that can be used to access it (such as a dedicated load balancer for the database).
- Must be Postgres version 9.5.
- We recommend that you configure Postgres to be highly available, but this is not required.
- Set the database to use UTF-8.
- The instance should be configured in the UTC timezone, and must use NTP to stay synchronized with the HipChat nodes.
- Create a database on the Postgres instance. The database name must:
- start with a letter
- be between 8 and 30 characters
- only include letters, numbers, dashes, periods, and underscores
- Create a user to access the database. (Do not use the Postgres SUPERUSER account.) Make sure that the user has GRANTS ALL access to the database you just created.
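A preflight check for the network, node and Postgres rules listed above, as an added example (not Atlassian's tooling). The plan dictionary layout, hostnames and addresses are constructed, and "not accessible by the public internet" is approximated here as "inside a private IPv4 range".

```python
import ipaddress
import re

# Rules from the page: inbound 80/443/22 only; database name starts with a
# letter, is 8-30 characters, and uses letters, digits, '-', '.', '_'.
ALLOWED_INBOUND = {22, 80, 443}
DB_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{7,29}")

def check_deployment(plan):
    """Return a list of human-readable violations for a deployment plan."""
    problems = []
    # Nodes need an IPv4 address that is not publicly reachable.
    # Assumption: "not public" is approximated by "in a private range".
    for host, ip in plan["nodes"]:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{host}: {ip!r} is not an IP address")
            continue
        if addr.version != 4 or not addr.is_private:
            problems.append(f"{host}: {ip} is not a private IPv4 address")
    # Hostnames must be unique and should differ from the load balancer name.
    names = [host.lower() for host, _ in plan["nodes"]]
    for name in sorted(set(names)):
        if names.count(name) > 1:
            problems.append(f"hostname {name} is used more than once")
        if name == plan["lb_dns_name"].lower():
            problems.append(f"hostname {name} matches the load balancer DNS name")
    # Only 80, 443 and 22 may be open inbound on the private network.
    for port in sorted(set(plan["inbound_ports"]) - ALLOWED_INBOUND):
        problems.append(f"inbound port {port} is not allowed")
    if not DB_NAME_RE.fullmatch(plan["db_name"]):
        problems.append(f"database name {plan['db_name']!r} breaks the naming rules")
    if plan["db_user_is_superuser"]:
        problems.append("database user must not be a superuser")
    return problems


# Constructed sample plan (hostnames, addresses and names are made up).
SAMPLE_PLAN = {
    "nodes": [("hc-node-1", "10.0.1.11"), ("hc-node-2", "10.0.1.12"),
              ("hc-node-1", "8.8.8.8")],
    "lb_dns_name": "chat.example.com",
    "inbound_ports": [22, 80, 443, 5432],
    "db_name": "hipchat",
    "db_user_is_superuser": False,
}

print("\n".join(check_deployment(SAMPLE_PLAN)))
```

The sample plan fails on four counts: a public node address, a duplicated hostname, an extra inbound port, and a database name shorter than 8 characters.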
Redis cache requirements
- If you're deploying a highly available (HA) Enterprise-scale HipChat Data Center instance, Redis must also be configured to be highly available.
- Use the default Redis port of
- Record the address of the instance.
- Must be Redis version 3.2.
- Must be configured to be highly available.
- For security purposes, we recommend that you enable authentication, and then change the default password. (Make sure you record these credentials for later.)
Enable persistence by setting the following configuration values:
NFS volume requirements
- Must be NFSv4.
- This volume must be accessible anonymously (with read and write permissions) by all three HipChat Nodes.
- If you are using AWS, you can use the AWS Elastic File System (EFS).
Load balancer or Reverse proxy configuration
You may use any load balancer that meets the following requirements:
- Must support HTTPS endpoints and SSL offloading, and terminate SSL.
- If you are deploying an Enterprise-scale HipChat Data Center instance, the load balancer must support "cookie based session affinity" (also known as "sticky sessions").
- Must be configured with a DNS record so clients can access it.
- Must be configured to forward traffic from port 443 to port 80.
- Must be configured with an SSL certificate for connections on port 443.
If you are using AWS, you can use the Classic Elastic Load Balancer (ELB).
The following reference configuration is for an NGINX load balancer: