Skip to main content

Network access

If you want to use some YepCode integration with a service not accesible from the internet (a Postgres server on your system infraestructure, a REST API that runs on a web server that is behind some firewall,...), you need to do some configuration to allow YepCode servers to connect to that service.

Configure your firewall to allow connections from YepCode

Every YepCode network connection is done from the IP 34.89.54.108, so if you configure your firewalls to grant access to that IP for the needed ports, YepCode integrations will work.

If this option is not possible, as you can't change your company firewall rules, don't worry, as we have implemented support for an alternative configuration, the tunneling.

Use YepCode tunneling

We provide a tunneling system to allow to expose your ports for YepCode. This approach relies on ssh tunnels, and we provide the server side available in the domain tunnels.yepcode.io.

You have to open the ssh tunnels in some computer that has access to the service where you want that YepCode has access, and also with output access to Internet. This will open a new tunnel showing you the connection information that should be used to configure the YepCode integration.

You have two options, use any ssh client or, if you have Docker on that machine, run the client with a Docker image (recommended):

docker run --rm yepcode/tunnels-client:latest -V

Docker image has 2 advantages:

  • If ssh tunnel connection is lost, it keeps retrying to reconnect.
  • It implements a reverse http proxy. When you create a tunnel to a http service, this proxy rewrites http 'Host' header to match the local hostname.

YepCode tunnels server access

The server params:

Server: tunnels.yepcode.io
Port: 2222
Recommended ssh params:
- ExitOnForwardFailure=yes
- ServerAliveInterval=10
- ServerAliveCountMax=3

Tunnels server connection is private, you need us to give you a private key. In order to get that private key, please fill this form:

HTTP Tunnel creation sample

We want to expose a HTTP service running on http://192.168.108.10:3000, so we can use this docker run command:

SSH client
ssh -o "ExitOnForwardFailure=yes"-o "ServerAliveInterval=10" -o "ServerAliveCountMax=3" \
-i /path/to/id_rsa_you_have_asked_for \
-p 2222 tunnels.yepcode.io \
-R my-company-http-service:80:192.168.108.10:3000
Docker image, not using reverse proxy
docker run --rm -e ID_RSA=$(base64 -w 0 /path/to/id_rsa_you_have_asked_for) yepcode/tunnels-client:latest \
-R my-company-http-service:80:192.168.108.10:3000
Docker image, using reverse proxy
docker run --rm -e ID_RSA=$(base64 -w 0 /path/to/id_rsa_you_have_asked_for) yepcode/tunnels-client:latest \
--http my-company-http-service,http://192.168.108.10:3000

With this execution you'll see something like this:

Starting SSH Forwarding service for http:80. Forwarded connections can be accessed via the following methods:
HTTP: http://my-company-http-service.tunnels.yepcode.io

And if you open network connection to http://my-company-http-service.tunnels.yepcode.io, that connection will end on your private service.

Take into account that this client process must be started all the time that you want to use the integration.

TCP Tunnel creation sample

We want to expose a MySQL service available at 192.168.108.10:3306, so we can use this docker run command:

docker run --rm -e ID_RSA=$(base64 -w 0 /path/to/id_rsa_you_have_asked_for) yepcode/tunnels-client:latest \
-R 12345:192.168.108.10:3306

With this execution you'll see something like this:

Starting SSH Forwarding service for tcp:12345. Forwarded connections can be accessed via the following methods:
TCP: tunnels.yepcode.io:12345

So the host and port credential configuration for that YepCode integration should be tunnels.yepcode.io:12345

Note that you can combine multiple tunnels in one execution:

docker run --rm -e ID_RSA=$(base64 -w 0 /path/to/id_rsa_you_have_asked_for) yepcode/tunnels-client:latest \
--http my-company-http-service,http://api.my-company.com/ \
--http my-company-https-service,https://api.my-company.com:4443/ \
-R 12345:192.168.108.10:3306 \
-R 12346:192.168.108.11:5432

Docker compose

Here you have an example of docker-compose.yml file:

version: "3"

services:
yepcode_tunnels:
container_name: yepcode-tunnels
image: yepcode/tunnels-client:latest
restart: always
command: -R 12345:internal_server:3306 --http my-company-http-service,http://api.my-company.com/
environment:
- ID_RSA=... # write here id_rsa private key in base64 format