Creating a Tunnel

To create a tunnel run:

> aqueduct --target https://www.ecorp.dev

When you run the Client for the first time, you will see output similar to the following:

╤╤ flood aqueduct ╤╤ : run
Target mappings:
+-----------------------+-------------------+------+
| --TARGET | HOST:PORT | SSL? |
+-----------------------+-------------------+------+
| https://www.ecorp.dev | www.ecorp.dev:443 | true |
+-----------------------+-------------------+------+
==> Pulling tunnel client docker image
stable: Pulling from floodio/aqueduct
Digest: sha256:675b92a017ecd5be8c436ecb4659c6e5e117cf6e422a1b99e7b8ae5484b9d2e7
Status: Image is up to date for floodio/aqueduct:stable
==> Preparing tunnel
- New tunnel requested
- region : us-west-2
- duration: 1h0m0s
--> Tunnel UUID: XMesS6L9G0Q
- Waiting for tunnel server to start
[√] Tunnel started
- Querying tunnel name and DNS
- Copying tunnel certificates
==> Starting tunnel client
- Waiting for client to start
[√] Started aqueduct with container id: 3482ea01
==> Checking client container is up & stable for 10s
[√] Container is up

The key activities when establishing a tunnel from your Client to the Server are as follows:

  1. A tunnel Server is prepared, with a Universally Unique Identifier (UUID) allocated to your Server.

  2. Once the tunnel Server has started, information including its DNS address, name and certificates are securely copied from the Server to your Client.

  3. Your tunnel Client will then establish a tunnel over port 443 to the Server using mutually authenticated certificates provided by the Server. Only your Client can connect to your Server.

Points to note:

  1. The target should be a real web application on your corporate network.

  2. If you don't have a real target to test, you can follow our instructions for setting up your own target here.