Configuration
Virtual gateways can be deployed in your internal network/VPC to provide secure access to your remote resources. The current recommended deployment model is to run a virtual gateway in a Docker container on a Linux host. Gateway nodes only support ingress traffic to a static IPv4 address or a resolvable hostname.
Simple ingress example
Here is an example Docker Compose file that passes ingress traffic to a Docker container in the same Docker network as the agent. Requests to the gateway node on port 80 can be forwarded to the whoami container on port 80. You can set the gateway node to use the remote hostname of whoami to dynamically look up the address of the whoami container. Please note that this assumes that you've created an agent_token.txt file with the agent token in the same directory as the Docker Compose file.
```yaml
services:
  enclave-agent:
    image: public.ecr.aws/sidechannel/enclave-agent:ubuntu-latest
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      AGENT_TOKEN_FILE: /run/secrets/agent_token
    secrets:
      - agent_token
  whoami:
    image: containous/whoami
    command:
      - --port=80
      - --name=whoami
secrets:
  agent_token:
    file: agent_token.txt
```
Host networking example
Here is an example Docker Compose file that attaches the agent to the host network to provide ingress traffic to another device in the same network. Please note that this assumes that you've created an agent_token.txt file with the agent token in the same directory as the Docker Compose file.
```yaml
services:
  enclave-agent:
    image: public.ecr.aws/sidechannel/enclave-agent:latest
    network_mode: host
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      AGENT_TOKEN_FILE: /run/secrets/agent_token
    secrets:
      - agent_token
secrets:
  agent_token:
    file: agent_token.txt
```
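
Both compose files assume an agent_token.txt next to the compose file and a /dev/net/tun device on the host. The script below is an added example, not part of the Enclave documentation or tooling: it writes the token file with owner-only permissions and checks both prerequisites before the stack is started. The function names and return codes are this example's own, and it assumes the agent container reads the mounted secret as root, so an owner-only file on the host remains readable inside the container.

```shell
#!/bin/sh
# Added example: preflight checks for the compose files on this page.
# Function names and return codes are this example's own, not Enclave tooling.

# write_token_file PATH: read the agent token from stdin and store it with
# owner-only permissions, keeping the token out of argv and shell history.
write_token_file() {
    (
        umask 077          # file is created as 0600
        rm -f -- "$1"      # an existing file would otherwise keep its old mode
        cat > "$1"
    )
}

# token_file_status PATH: 0 = usable, 1 = missing or empty,
# 2 = group or other has some permission on it.
token_file_status() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    # GNU stat first, BSD stat as fallback; both print the octal mode.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case $mode in
        0|*00) return 0 ;;
        *)     return 2 ;;
    esac
}

# tun_device_ok [PATH]: both compose files map /dev/net/tun into the
# container, so it must exist on the host as a character device.
tun_device_ok() {
    [ -c "${1:-/dev/net/tun}" ]
}

# preflight DIR [TUN_PATH]: report each failed check on stderr and return
# the number of failures (0 means the compose file can be started).
preflight() {
    dir=$1 failed=0
    token_file_status "$dir/agent_token.txt" || {
        case $? in
            1) echo "$dir/agent_token.txt is missing or empty" >&2 ;;
            2) echo "$dir/agent_token.txt: run chmod 600 on it" >&2 ;;
        esac
        failed=$((failed + 1))
    }
    tun_device_ok "${2:-/dev/net/tun}" || {
        echo "${2:-/dev/net/tun} is not a character device" >&2
        failed=$((failed + 1))
    }
    return "$failed"
}
```

After sourcing the script in the directory that holds the compose file, pipe the token into `write_token_file agent_token.txt` once, then run `preflight . && docker compose up -d`.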