Quick start CLI

This is the right place if you're eager to get started! In this example, we'll use the border0 CLI to login and create an HTTP service.

Install the CLI (Command Line Interface)

Let's start with installing the Border0 CLI.

sudo curl https://download.border0.com/darwin_amd64/border0 \
    -o /usr/local/bin/border0 \
   && sudo chmod +x /usr/local/bin/border0
sudo curl https://download.border0.com/linux_amd64/border0 \
    -o /usr/local/bin/border0 \
    && sudo chmod +x /usr/local/bin/border0
sudo curl https://download.border0.com/linux_arm/border0 \    
    -o /usr/local/bin/border0 \
    && sudo chmod +x /usr/local/bin/border0
sudo curl https://download.border0.com/linux_arm64/border0 \
    -o /usr/local/bin/border0 \
    && sudo chmod +x /usr/local/bin/border0
cd ~/Desktop 
curl https://download.border0.com/windows_amd64/border0.exe -o border0.exe

Or follow the instructions from our download page here

Login and retrieve an access token

border0 login

This will start the login process and retrieve an admin access token.

border0 login
please login with the link below:


Web browser pop-up

We will attempt to open the login link for you, if that does not happen you just copy&paste it into your favourite browser to complete the login

Quick connect

We're ready to create our first service; in Border0 terms, we call that a socket (💡 like, a network socket).
Let's start with creating a socket of type HTTP.

border0 socket create  --type http --name "my-http-service" 

Next, we connect to the socket we just created and start a built-in webserver. This will set up a secure tunnel to the closest, anycasted, Border0 ingress tunnel server. You'll need to provide the socket_id of the socket created in the previous step (border0 socket create)

border0 socket connect my-http-service --httpserver

All together this looks like:

$ border0 socket create  --type http --name "my-http-service" 

│ SOCKET ID                            │ DNS NAME                                      │ PORT(S) │ TYPE │ DESCRIPTION │
│ b31465af-f1c1-48bc-a1df-98c8e1804aca │ my-http-service-andree-toonk.border0.io │ 80, 443 │ http │             │

Cloud Authentication, login details:
│                         │ gmail.com             │

HTTP Options:
│ http          │                   │

$ border0 socket connect my-http-service --httpserver

Connecting to Server: ssh.border0.io

Welcome to border0.io
my-http-service - https://my-http-service-andree-toonk.border0.io



All sockets require authentication by default

We believe in secure access; that's why an access policy protects all sockets. By default, your organization will have a default organization-wide policy that will apply to all your services (sockets) in your organization. By default, it will only have the email address of the person that created the organization as an allowed email address.

To see what policy is applied to your service:
border0 socket -s <socket_id> policy ls

Also see:
border0 policy ls and border0 policy show -n <policy_name>

Now visit the URL of the service you just created. It's something like:

You will be asked to authenticate. The default organization-wide policy is active, so you'll need to use the same Google or Github account as you signed up with


Once authenticated, you'll be taken to web page served by the built-in webserver.



custom local web folder

an alternative to using the built-in webserver is using a local webfolder:

mkdir /tmp/webfolder &&  touch /tmp/webfolder/file_3 /tmp/webfolder/file_2 /tmp/webfolder/file_1

border0 socket connect my-http-service  <socket_id> \
  --httpserver --httpserver_dir /tmp/webfolder

Now you'll be served the files in that folder, like below.


Setting a remote origin for your webservice.

You can make remote HTTP-based services available through border0 using the --host and --port parameters.
The example below will forward all authenticated and authorized requests to httpbin.org on port 80

border0 socket connect my-http-service  --host httpbin.org -p 80