The Tines tunnel provides a way to securely access your systems running on private networks from the Tines cloud environment. It is deployed as a container service.
Get started by opening your tenant and appending the URL with: /admin/tunnel. This gives you the relevant information to deploy the tunnel container.
Deploying the tunnel
The tunnel container can be run with Docker using the example below or similarly with other container orchestration platforms.
docker run \
--env TINES_TUNNEL_SECRET="secret" \
tines/tines-tunnel:latest
The tunnel service uses the host routing and DNS services where it is deployed.
Using the tunnel
HTTP Requests can be sent through the tunnel by selecting the Use tunnel parameter in an HTTP Request action properties panel.
Connectivity Requirements
The Tines tunnel uses Cloudflare Tunnels. To function properly, it requires connectivity to Cloudflare. It does not require additional inbound from Tines, the internet, or elsewhere.
The container will attempt to form a connection with the services below from its deployment location.
DESTINATION | PORT | PROTOCOLS | DIRECTION |
region1.argotunnel.com | 7844 | TCP/UDP/QUIC/h2mux | Outbound |
region2.argotunnel.com | 7844 | TCP/UDP/QUIC/h2mux | Outbound |
region1.v2.argotunnel.com | 7844 | TCP/UDP/QUIC/h2mux | Outbound |
region2.v2.argotunnel.com | 7844 | TCP/UDP/QUIC/h2mux | Outbound |
api.cloudflare.com | 443 | TCP/HTTPS | Outbound |
updates.cloudflare.com | 443 | TCP/HTTPS | Outbound |
If utilizing strict TLS/SSL inspection, exclude the above HTTPS traffic from the interception policy and outbound traffic to cftunnel.com.
For more information, see Cloudflare's documentation here.
➡️ The tunnel is an available add-on for cloud customers.
Learn more by contacting Tines support.