Network access
If you want to use some YepCode integration with a service not accesible from the internet (a Postgres server on your system infraestructure, a REST API that runs on a web server that is behind some firewall,...), you need to do some configuration to allow YepCode servers to connect to that service.
Configure your firewall to allow connections from YepCode
Every YepCode network connection is done from the IP 34.89.54.108, so if you configure your firewalls to grant access to that IP for the needed ports, YepCode integrations will work.
If this option is not possible, as you can't change your company firewall rules, don't worry, as we have implemented support for an alternative configuration, the tunneling.
Use YepCode tunneling
We provide a tunneling system to allow to expose your ports for YepCode. This approach relies on ssh tunnels, and we provide the server side available in the domain tunnels.yepcode.io
.
You have to open the ssh tunnels in some computer that has access to the service where you want that YepCode has access, and also with output access to Internet. This will open a new tunnel showing you the connection information that should be used to configure the YepCode integration.
You have two options, use any ssh client or, if you have Docker on that machine, run the client with a Docker image (recommended):
docker run --rm yepcode/tunnels-client:latest -V
Docker image has 2 advantages:
- If ssh tunnel connection is lost, it keeps retrying to reconnect.
- It implements a reverse http proxy. When you create a tunnel to a http service, this proxy rewrites http 'Host' header to match the local hostname.
YepCode tunnels server access
The server params:
Server: tunnels.yepcode.io
Port: 2222
Recommended ssh params:
- ExitOnForwardFailure=yes
- ServerAliveInterval=10
- ServerAliveCountMax=3
Tunnels server connection is private, you need us to give you a private key. In order to get that private key, please contact us.
HTTP Tunnel creation sample
We want to expose a HTTP service running on http://192.168.108.10:3000
, so we can use this docker run command:
ssh -o "ExitOnForwardFailure=yes"-o "ServerAliveInterval=10" -o "ServerAliveCountMax=3" \
-i /path/to/id_rsa_you_have_asked_for \
-p 2222 tunnels.yepcode.io \
-R my-company-http-service:80:192.168.108.10:3000
docker run --rm -e ID_RSA=$(base64 -w 0 /path/to/id_rsa_you_have_asked_for) yepcode/tunnels-client:latest \
-R my-company-http-service:80:192.168.108.10:3000
docker run --rm -e ID_RSA=$(base64 -w 0 /path/to/id_rsa_you_have_asked_for) yepcode/tunnels-client:latest \
--http my-company-http-service,http://192.168.108.10:3000
With this execution you'll see something like this:
Starting SSH Forwarding service for http:80. Forwarded connections can be accessed via the following methods:
HTTP: http://my-company-http-service.tunnels.yepcode.io
And if you open network connection to http://my-company-http-service.tunnels.yepcode.io
, that connection will end on your private service.
Take into account that this client process must be started all the time that you want to use the integration.
TCP Tunnel creation sample
We want to expose a MySQL service available at 192.168.108.10:3306
, so we can use this docker run command:
docker run --rm -e ID_RSA=$(base64 -w 0 /path/to/id_rsa_you_have_asked_for) yepcode/tunnels-client:latest \
-R 12345:192.168.108.10:3306
With this execution you'll see something like this:
Starting SSH Forwarding service for tcp:12345. Forwarded connections can be accessed via the following methods:
TCP: tunnels.yepcode.io:12345
So the host and port credential configuration for that YepCode integration should be tunnels.yepcode.io:12345
Note that you can combine multiple tunnels in one execution:
docker run --rm -e ID_RSA=$(base64 -w 0 /path/to/id_rsa_you_have_asked_for) yepcode/tunnels-client:latest \
--http my-company-http-service,http://api.my-company.com/ \
--http my-company-https-service,https://api.my-company.com:4443/ \
-R 12345:192.168.108.10:3306 \
-R 12346:192.168.108.11:5432
Docker compose
Here you have an example of docker-compose.yml
file:
version: "3"
services:
yepcode_tunnels:
container_name: yepcode-tunnels
image: yepcode/tunnels-client:latest
restart: always
command: -R 12345:internal_server:3306 --http my-company-http-service,http://api.my-company.com/
environment:
- ID_RSA=... # write here id_rsa private key in base64 format