Advanced Usage

Logs

You can follow the logs of your tunnel Client (docker container) using the logs command, for example:

> aqueduct logs

Status

You can view the status of your tunnel Client and Server using the status command, for example:

> aqueduct status
╤╤ flood aqueduct ╤╤ : status
Aqueduct client container status:
+--------------------------+-------------+
| Running | true |
| Connected to tunnel UUID | XMesS6L9G0Q |
+--------------------------+-------------+
Available tunnels:
+---+-------------+----------------------------+---------+---------------+------------+---------------------+
| | UUID | NAME | STATUS | LOCAL IPV4 | AWS REGION | TIME UNTIL SHUTDOWN |
+---+-------------+----------------------------+---------+---------------+------------+---------------------+
| 1 | XMesS6L9G0Q | dusty-ridgeway-XMesS6L9G0Q | started | 172.31.30.230 | us-west-2 | 47m41s |
+---+-------------+----------------------------+---------+---------------+------------+---------------------+

Defining regions

It is recommended that you create a tunnel Server in the same region that you want to generate load from. For example, if you are going to generate load from Flood Grids in US West Oregon, then you should start your tunnel Server in the same region using the --server-region flag, for example:

> aqueduct --server-region us-east-1 --target https://...

Defining duration

Tunnel Servers will automatically stop after 1 hour. You can override this when creating the tunnel Server with the --duration flag, for example:

> aqueduct --duration 1h30m --target https://...

Defining targets

The target server, which the tunnel will provide access to from Flood Grids, can be any HTTP/S based web application or site which your local machine has access to. You can define a target using the --target flag or by providing a target configuration file via the --haproxy-config flag.

Target

The --target parameter will map the target server DNS and IP address, using a custom HAProxy configuration, without you needing to understand how HAProxy works, for example:

> aqueduct --target https://www.ecorp.dev:443

HAProxy

HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. Aqueduct SSL includes HAProxy on the Client, so that it can terminate SSL connections to the target in a fast and efficient manner.

You can optionally define the target using the flag --haproxy-config which gives you full control over how the proxy will behave locally, when targeting your web application, for example:

> aqueduct --haproxy-config ./local/path/to/haproxy.cfg

Example haproxy.cfg

The following is an example HAProxy configuration file. You shouldn't need to change the global, defaults or frontend sections. The backend section should be modified with the server IP addresses and ports that you wish to target:

server host1 216.58.203.100:443 weight 1 maxconn 100 check ssl verify none
server host2 216.58.203.101:443 weight 1 maxconn 100 check ssl verify none

Will target the two servers 216.58.203.100 and 216.58.203.101 on port 443 in a round robin balancing algorithm.

You can read about the four essential sections of an [HAProxy configuration here)(https://www.haproxy.com/blog/the-four-essential-sections-of-an-haproxy-configuration/). A complete example is provided as follows.

global
maxconn 4096
nbthread 4
cpu-map auto:1/1-4 0-3
ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
retries 3
maxconn 2000
timeout connect 5s
timeout client 60s
timeout server 60s
frontend haproxy_frontend
bind *:8080
reqadd X-Forwarded-Proto:\ http
default_backend customer_backend
backend customer_backend
balance roundrobin
server host1 216.58.203.100:443 weight 1 maxconn 100 check ssl verify none
server host2 216.58.203.101:443 weight 1 maxconn 100 check ssl verify none

Forcing a new tunnel

You can force a new tunnel to be created from your client with the --new flag, for example:

> aqueduct --new

Connect to an existing tunnel

By default, the Client will attempt to connect to the same Tunnel you created from that local machine. You can however connect to an existing tunnel Server created for you account by providing the --uuid flag, for example:

> aqueduct --uuid OIb4z2SqgxY