Livepatch client firewall configuration

tasdomas · November 26, 2021, 1:15pm

On firewalled machines, canonical-livepatch needs access to two hostnames:

If livepatch client is enabled using Ubuntu Pro, additional access to contracts.canonical.com on port 443 will be required.

For snap installation, see snap network requirements.

Note: Previously patches were served via HTTP until switching over to HTTPS in ~Oct 2023.

callynsky · January 29, 2023, 7:58pm

How to do this in “ufw” if this software only accepts ip numbers?.

whershberger · September 9, 2024, 3:49pm

The on-prem network access requirements were updated to use livepatch-files.canonical.com:443 instead of :80, but looks like this was missed.

It would also be nice to include a note that the protocol was changed (with an approximate date?).

kian-parvin · September 10, 2024, 7:23am

Thanks @whershberger, this has now been fixed.