Hosting a Website/API from behind NAT

Octelium enables you to seamlessly host and serve your websites and HTTP APIs from anywhere, including from any environment behind NAT (e.g. private clouds, private on-prem, your own laptop, IoT, etc...). For example, you can host or test your website or API running on your own laptop and expose it publicly. Octelium supports both anonymous access (read more here) as well as secure zero trust client-based and clientless BeyondCorp access (read more here). This guide focuses on anonymous access for HTTP-based resources behind NAT.

Let's assume that the User who will serve the internal resource is named john. Create the User john in a users.yaml file as follows:

kind: User
metadata:
  name: john
spec:
  type: HUMAN

Now, we assume that the HTTP-based resource (e.g. web app, API, etc...) to be served from john's side is listening on the address localhost:8000. We simply create the Service for our internal resource, named svc1, in a separate services.yaml file as follows:

kind: Service
metadata:
  name: svc1
spec:
  mode: WEB
  isPublic: true
  isAnonymous: true
  config:
    upstream:
      url: http://localhost:8000
      user: john

Now, for john to actually serve the Service svc1 from his side, he needs to connect to the Cluster from his laptop using the octelium connect CLI command with the --serve flag as follows:

export OCTELIUM_DOMAIN=<DOMAIN>
octelium connect --serve svc1

You can also serve multiple Services simultaneously as follows:

octelium connect --serve svc1 --serve svc2

You can also serve all Services assigned to be served by the User via the --serve-all flag as follows:

octelium connect --serve-all

Now, the website/API can be publicly and anonymously accessed over the URL https://svc1.<DOMAIN>.
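Because `isPublic: true` together with `isAnonymous: true` publishes the upstream with no authentication, it is worth listing every such Service before applying a manifest file. The following is an added example, not part of Octelium or its documentation: the function names and the svc2 manifest are hypothetical, and treating a missing `isAnonymous` as "not anonymous" is an assumption.

```python
import re

# Constructed sample: svc1 is this guide's manifest; svc2 (hypothetical) omits isAnonymous.
SAMPLE = """\
kind: Service
metadata:
  name: svc1
spec:
  mode: WEB
  isPublic: true
  isAnonymous: true
  config:
    upstream:
      url: http://localhost:8000
      user: john
---
kind: Service
metadata:
  name: svc2
spec:
  isPublic: true
"""

def parse_manifest(text):
    """Parse the nested 'key: value' YAML subset used above (no lists or comments)."""
    stack = [(-1, {})]  # (indent, mapping) for each open nesting level; [0] is the root
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        indent = len(line) - len(line.lstrip())
        key, _, value = (part.strip() for part in line.partition(":"))
        while stack[-1][0] >= indent:  # close levels we have dedented out of
            stack.pop()
        if value:
            stack[-1][1][key] = {"true": True, "false": False}.get(value, value)
        else:
            stack[-1][1][key] = child = {}
            stack.append((indent, child))
    return stack[0][1]

def anonymous_public_services(text):
    """Return (name, upstream) for Services with isPublic and isAnonymous both true."""
    found = []
    for m in map(parse_manifest, re.split(r"(?m)^---\s*$", text)):
        spec = m.get("spec", {})
        exposed = spec.get("isPublic") is True and spec.get("isAnonymous") is True
        if m.get("kind") == "Service" and exposed:  # assumption: absent flag means false
            found.append((m["metadata"]["name"], spec.get("config", {}).get("upstream", {})))
    return found

if __name__ == "__main__":
    print(anonymous_public_services(SAMPLE))
```

Each reported upstream that has a `user` field is a process on that User's machine, so the review should confirm the local app on that port is meant to receive unauthenticated Internet traffic.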

Serving your websites or APIs from behind NAT is not the only option. In Octelium, you can also automatically deploy your containers and serve them as Services. Here is a simple example:

kind: Service
metadata:
  name: svc1
spec:
  mode: WEB
  isPublic: true
  isAnonymous: true
  config:
    upstream:
      container:
        container: nginx
        port: 80

Octelium also provides OpenTelemetry-ready, application-layer L7 aware visibility and access logging in real time (see an example for HTTP here). You can read more about visibility here.

This was a very short guide to show you how to use Octelium to deploy, scale, route and provide secure access as well as anonymous public access to any webapp containers. Here are a few more related features that you might be interested in:

  • Routing not just by request paths, but also by header keys and values and by request body content, including JSON (read more here).
  • Request/response header manipulation (read more here).
  • Cross-Origin Resource Sharing (CORS) (read more here).
  • gRPC mode (read more here).
  • Secret-less access to upstreams and injecting bearer, basic, or custom authentication header credentials (read more here).
  • Application layer-aware ABAC access control via policy-as-code using CEL and Open Policy Agent (read more here).
  • OpenTelemetry-ready, application-layer L7 aware auditing and visibility (read more here).