Skip to main content

Tunnel

Tunnel Setup

The Tunnel feature of Tines provides a method to access your systems running on private networks from the Tines cloud environment, securely. Tunnel is deployed as a container service. Tunnel is available to Teams and Enterprise cloud deployment pricing plans and is not available to self-hosted deployments of Tines.

To enable the Tunnel feature, contact Tines support. Once enabled, visit https://<tenant-domain>/admin/tunnel to obtain the information needed for deploying the container.

Deploying Tunnel

The Tunnel container can be run with Docker using the example below or similarly with other container orchestration platforms.

docker run \
--env TINES_TUNNEL_SECRET="secret" \
tines/tines-tunnel:latest

The Tunnel service will utilize the routing and DNS services of the host it is deployed on.

Using Tunnel

HTTP Requests can be sent through the Tunnel by utilizing the "Use tunnel" parameter in the configuration of a HTTP Request Action.

Tunnel Action Configuration

Connectivity Requirements

Tunnel uses Cloudflare Tunnels and requires connectivity to Cloudflare to function properly.

No inbound connectivity to the container is required by Tines from the internet or elsewhere. The container will attempt to form a connection with the services below from its deployment location.

DestinationPortProtocolsDirection
region1.argotunnel.com7844TCP/UDP/QUIC/h2muxOutbound
region2.argotunnel.com7844TCP/UDP/QUIC/h2muxOutbound
api.cloudflare.com443TCP/HTTPSOutbound
updates.cloudflare.com443TCP/HTTPSOutbound

If utilizing strict TLS/SSL inspection, exclude the above HTTPS traffic from the interception policy.