Service Tunneling

Create Service Mode using Tunneling

Ngrok

To use Commander Service Mode with Ngrok, sign up on ngrok.com and generate an Auth token from https://dashboard.ngrok.com/authtokens

If you are using a custom domain, set this up under: https://dashboard.ngrok.com/domains and specify the custom subdomain when starting the Commander service mode.

Using Ngrok has security implications. Follow this guidance:

• Ensure that the Keeper service account is running with minimal permissions and access. We recommend limiting the scope of the service account to only the least amount of privilege.

• Protect access to the service through Ngrok's IP policies

• Limit the scope of supported commands. For example, if you only need to add records through the API, then only allow the record-add command. See the Command List section.

Cloudflare

This guide walks you through the steps to configure your Commander Service to work with a Cloudflare Tunnel, allowing secure access to your service over the internet.

Prerequisites

Before starting, ensure you have the following:

• Cloudflare Account: Sign up at dash.cloudflare.com

• Registered Domain: Your domain must be added to Cloudflare.

• Tunnel Token: You'll generate this via the Cloudflare Zero Trust dashboard.

Step 1: Add Your Domain to Cloudflare

1. Log In to the Cloudflare Dashboard

2. Onboard a Domain:

   • Click "Onboard a Domain"

   • Enter your domain (e.g., example.com)

   • Select a Cloudflare plan (Free or Paid)

3. Review & Configure DNS Records:

   • Cloudflare will attempt to auto-detect existing DNS records.

   • Review and update as needed.

4. Update Nameservers:

   • Cloudflare provides 2 nameservers.

   • Update these at your domain registrar.

   • Wait for DNS propagation (can take up to 24 hours)

5. Enable SSL/TLS:

   • In the Cloudflare dashboard, go to SSL/TLS

   • Set SSL mode to Full or Full (strict) for secure connections

Step 2: Create a Cloudflare Tunnel

1. Access Zero Trust Dashboard:

   • Go to Cloudflare Zero Trust

   • Navigate to Networks > Connectors

2. Create a Tunnel:

   • Click "Create a tunnel"

   • Choose "Cloudflared" as the connector type

   • Name your tunnel (e.g., commander-service-tunnel)

   • Copy the tunnel token and keep it that will be required later on service creation in service mode

3. Create Public Hostname:

   • During the tunnel setup, define the public hostname (e.g., api.yourdomain.com) and path should be blank

   • Set:

     • Type: HTTP

     • Service URL: http://localhost:<PORT> <PORT> needs to same as your service mode running port on locally