Warning
This article contains information relevant only to customer workspaces connected to the Fireblocks EU environment. For information about networking requirements for all other workspaces, refer to the API Co-Signer networking requirements article.
IMPORTANT NOTE:
This article will be deprecated by February 28th, 2025. For all API Co-signer documentation, visit this overview article, which also links to updated Co-signer content in the Developer Portal.
Overview
The API Co-Signer server actively queries your Fireblocks workspace for activity. There is no incoming communication for security and simplicity. The outbound connections required during setup or server maintenance can be closed after regular workspace activity has resumed.
Networking requirements
Inbound connections
No inbound connections are required.
Outbound connections
Access required during setup, and when stopping or restarting the machine:
- Download Docker over port 443 to https://download.docker.com/linux/
- Download pip over port 443 to https://bootstrap.pypa.io/get-pip.py/
- Comment this out if you want to install it yourself.
- Open port 5000 to https://registry.gitlab.com/customer-cosigner/
- Download SGX driver (if not already installed): https://download.01.org/intel-sgx/sgx-dcap/1.10.3/linux/distro/ubuntu20.04-server/
- Install docker-compose: https://github.com/docker/compose/releases/download/1.29.2/
- Install prerequisites packages apt-update over port 80: http://azure.archive.ubuntu.com/ubuntu
- Whitelist the following URLs:
All times the API Co-Signer is active:
- Open port 443 to https://fb-certs.s3.amazonaws.com
- Open port 443 to https://eu-mobile-api.fireblocks.io/
- Open port 443 to https://fb-customers.s3.amazonaws.com/uploads/
- Open port 443 to https://eu-s3signurl.fireblocks.io/
- Open port 443 to https://fireblocks-eu-prod-fr-cosigner.s3.amazonaws.com