Artifactory domains to allow when running self-hosted runners under a firewall.

Platform Notice: Cloud Only - This article only applies to Atlassian apps on the cloud platform.

Summary

When running Bitbucket pipeline builds with a self-hosted runner under a firewall you will have to ensure to allow traffic for all Atlassian artifactories. Otherwise, users may experience failures like this:

Unable to pull image: Head \"https://k8s-docker.packages.atlassian.com/v2/pause/manifests/3.8\": Get \"https://k8s-docker.packages.atlassian.com/api/docker/k8s-docker/v2/token?scope=repository%3Apause%3Apull&service=k8s-docker.packages.atlassian.com\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

Solution

Here is the list of domains to allow:

docker-public.packages.atlassian.com
public.ecr.aws
docker-hub.packages.atlassian.com
k8s-docker.packages.atlassian.com
public.ecr.aws

Updated on September 26, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support

Artifactory domains to allow when running self-hosted runners under a firewall.

Summary

Solution

Still need help?