Service Tunneling

Accessing Commander Service Mode REST API using cloud tunneling

Create Service Mode using Tunneling

Ngrok

To use Commander Service Mode with Ngrok, sign up on ngrok.com and generate an Auth token from https://dashboard.ngrok.com/authtokens

If you are using a custom domain, set this up under: https://dashboard.ngrok.com/domains and specify the custom subdomain when starting the Commander service mode.

Using Ngrok has security implications. Follow this guidance:

  • Ensure that the Keeper service account is running with minimal permissions and access. We recommend limiting the scope of the service account to only the least amount of privilege.

  • Protect access to the service through Ngrok's IP policies

  • Limit the scope of supported commands. For example, if you only need to add records through the API, then only allow the record-add command. See the Command List section.

Cloudflare

This guide walks you through the steps to configure your Commander Service to work with a Cloudflare Tunnel, allowing secure access to your service over the internet.

Prerequisites

Before starting, ensure you have the following:

  • Cloudflare Account: Sign up at dash.cloudflare.com

  • Registered Domain: Your domain must be added to Cloudflare.

  • Tunnel Token: You'll generate this via the Cloudflare Zero Trust dashboard.

Step 1: Add Your Domain to Cloudflare

  1. Log In to the Cloudflare Dashboard

  2. Onboard a Domain:

    • Click "Onboard a Domain"

    • Enter your domain (e.g., example.com)

    • Select a Cloudflare plan (Free or Paid)

  3. Review & Configure DNS Records:

    • Cloudflare will attempt to auto-detect existing DNS records.

    • Review and update as needed.

  4. Update Nameservers:

    • Cloudflare provides 2 nameservers.

    • Update these at your domain registrar.

    • Wait for DNS propagation (can take up to 24 hours)

  5. Enable SSL/TLS:

    • In the Cloudflare dashboard, go to SSL/TLS

    • Set SSL mode to Full or Full (strict) for secure connections

Step 2: Create a Cloudflare Tunnel

  1. Access Zero Trust Dashboard:

  2. Create a Tunnel:

    • Click "Create a tunnel"

    • Choose "Cloudflared" as the connector type

    • Name your tunnel (e.g., commander-service-tunnel)

    • Copy the tunnel token and keep it that will be required later on service creation in service mode

  3. Create Public Hostname:

    • During the tunnel setup, define the public hostname (e.g., api.yourdomain.com) and path should be blank

    • Set:

      • Type: HTTP

      • Service URL: http://localhost:<PORT> <PORT> needs to same as your service mode running port on locally

PreviousAPI UsageNextDocker Deployment

Last updated

Was this helpful?