Required DNS Entries
Enterprise customers running FLECS in restricted network environments must allow the following hostnames through their firewalls and proxies. These entries are required for FLECS Core, the FLECS Console, and the app marketplace to function correctly.
All endpoints are reachable over the public internet — no inbound connectivity is needed.
Required entries
flecs.tech
Fetches app icons and other public assets
HTTPS (443)
console.flecs.tech
API gateway for app data, description text, app availability, and licensing
HTTPS (443)
cr.flecs.tech
OCI registry for apps and FLECS Core components
OCI (HTTPS, 443)
flecspublic.azurecr.io
OCI registry FLECS Core components
OCI (HTTPS, 443)
flecs.azurecr.io
OCI registry for apps
OCI (HTTPS, 443)
codeberg.org/flecs-tech
Hosts the FLECS installation scripts
HTTPS (443)
install.flecs.tech
Endpoint for the installation bash script
HTTPS (443)
latest.flecs.tech
Endpoint to query latest versions of FLECS
HTTPS (443)
Optional entries
install-staging.flecs.tech
Endpoint for installing development/staging versions of FLECS
HTTPS (443)
Notes
All listed endpoints use TLS on port 443. Outbound HTTPS must be permitted; transparent TLS-inspecting proxies must trust the upstream certificate chain.
The OCI registry at
cr.flecs.techis accessed by both the Docker daemon (when pulling FLECS Core images) and by FLECS Core itself (when installing apps).If your network policy requires IP-based rules instead of hostnames, contact FLECS support for the current address ranges, as these may change over time.
Last updated
Was this helpful?