Support for buildAgent running behind firewall

There doesn't seem to be any support for TeamCity build agents to run behind a firewall and without a publicly accessible IP address.  Is this true?
The reason I ask is that powerful web servers are expensive.  But TeamCity doesn't need a powerful server in my case -- only the build agents do.  If I could run my personal computers as build agents from whatever network they're on, with no public IP address and behind firewalls, then that would be ideal -- in fact making what I'm trying to do affordable at all.

What I'm thinking is that the build agent could reach out and open a connection with the Team City web server.  It would be a connection that either hangs open indefinitely or periodically polls to see if Team City has any work for it to do, and all instructions and results would travel over the build agent initiated TCP connection rather than the other way around.  This way, the fact that the build agent has no public IP address doesn't matter at all.

Is this possible, or possibly on the scope for a future release?  (I really hope so!)


Comment actions Permalink

Sorry for the delay. The question is still relevant? If yes please leave a comment or create a separate thread.

Kind regards,
Comment actions Permalink

Yes, please :-)

My research agrees with Andrew's experience that we can not run a build agent within our corporate firewall while the server runs on AWS (w/o tunnelling 'ownPort' in the firewall). Some of those links are included below.

## Optional

## A port that TeamCity server will use to connect to the agent.

## Please make sure that incoming connections for this port

## are allowed on the agent computer (e.g. not blocked by a firewall)


But, I would like the answer to Andrew's question from a developer and I qoute:

"Is this possible, or possibly on the scope for a future release?  (I really hope so!)"


Please sign in to leave a comment.