Network Requirements
Defakto components connect to the following public endpoints. Ensure these are accessible from your environment before proceeding with installation. You may need to allow list these endpoints in egress filtering systems for your organization.
Management tooling
These endpoints are used by Defakto's web UI and spirlctl.
| Endpoint | Purpose |
|---|---|
| api.spirl.com:443 | Management API |
| app.spirl.com:443 | Management web UI |
| auth.api.spirl.com:443 | Authentication for web and CLI |
Self-hosted Trust Domain Server
Self-hosted Trust Domain Servers will connect to these endpoints.
| Endpoint | Purpose |
|---|---|
| auth.cp.spirl.com:443 | Authenticates a server with the Control Plane |
| events.cp.spirl.com:443 | Receives events (e.g. SVID issuance) from servers |
| relay-web.cp.spirl.com:443 | Persistent management connection to the Control Plane |
Hosted Trust Domain Server
Defakto Agents connecting to a hosted Trust Domain Server need access to these endpoints.
| Endpoint | Purpose |
|---|---|
| *.agent.spirl.com:443 | Agent API provided by the Trust Domain Server |
Federation
Defakto's federation infrastructure is hosted at these endpoints
| Endpoint | Purpose |
|---|---|
| fed.spirl.org:443 | SPIFFE Bundle and OIDC metadata |