Sockets are the public endpoints that border0 creates on behalf of users. Each socket comes with a unique DNS name. The following types are supported:

  1. HTTP: Use this when your local service is an HTTP service.
  2. SSH: Used for handling SSH connections to remote or local systems.
  3. Database: Use when working with MySQL, MSSQL or Postgres type databases.
  4. TLS: Use this when your local service is a non-HTTP service.
    In this case the platform will proxy an encrypted TCP session. This is used, for example, for SSH or HTTPS services.
    Note that in this case border0 will, in addition to a unique DNS name, also create a TCP port number just for your
    service.
  5. RDP: Used for Remote Desktop services.
  6. VNC: Used for VNC services.
  7. VPN: Used for VPN services.

border0 socket

Displays all available socket-specific commands and their flags.

border0 socket
Manage your sockets

Usage:
  border0 socket [command]

Available Commands:
  connect     Connect a socket
  create      Create a new socket
  delete      Delete a socket
  ls          List your sockets
  policy      Manage your global Policies
  show        Show socket details

Flags:
  -h, --help               help for socket
  -s, --socket_id string   Socket ID

Use "border0 socket [command] --help" for more information about a command.

border0 socket create

The socket create sub-command adds new sockets of the types listed at the top.

$ border0 socket create
Create a new socket

Usage:
  border0 socket create [flags]
  border0 socket create [command]

Available Commands:
  database       Create a new database socket
  http           Create a new http socket
  rdp            Create a new rdp socket
  ssh            Create a new ssh socket
  tls            Create a new tls socket
  vnc            Create a new vnc socket
  vpn            Create a new vpn socket

Flags:
  -h, --help   help for create

Global Flags:
      --json               Print output in JSON format
      --print_input_json   Print input in JSON format

Use "border0 socket create [command] --help" for more information about a command.

border0 socket create ssh

border0 socket create ssh --help
Create a new ssh socket

Usage:
  border0 socket create ssh [flags]

Flags:
      --allowed_docker_container strings       Allowed docker container to connect to
      --allowed_namespace strings              Allowed namespace to connect to
      --auth_type string                       Authentication type (for standard upstream_type) to use to connect to the target: username_and_password, ssh_key or border0_certificate
      --aws_access_key_id string               AWS Access Key ID
      --aws_profile string                     AWS Profile
      --aws_secret_access_key string           AWS Secret Access Key
      --aws_session_token string               AWS Session Token
      --connector string                       Connector to attach to the socket, UUID or name of the connector
  -d, --description string                     Socket description
      --ec2_instance_id string                 AWS EC2 Instance ID
      --ec2_region string                      AWS EC2 region
      --ecs_cluster string                     AWS ECS Cluster
      --ecs_region string                      AWS ECS Cluster
      --ecs_service string                     AWS ECS Cluster
      --eks_cluster string                     AWS EKS Cluster
      --eks_region string                      AWS EKS Cluster
  -h, --help                                   help for ssh
      --host string                            Target host: Control where inbound traffic goes
      --kubectl_exec_kube_config_path string   Kubectl exec kube config path
      --kubectl_exec_master_url string         Kubectl exec master url
      --kubectl_exec_type string               Kubectl exec type: standard or aws-eks (default "standard")
  -n, --name string                            Socket name
      --namespace_selectors_allowlist string   JSON string of namespace selectors allowlist: {"namespace": {"key": ["value"]}}
      --password string                        Password used to connect to target
      --port uint16                            Target port: the port where inbound traffic goes (default 22)
      --recording_enabled                      Enables session recording (default true)
      --ssh_key string                         Ssh key used to connect to target
      --ssm_target_type string                 AWS SSM target type: ec2 or ecs
      --tag stringToString                     Tags for the socket (key=value) (default [])
      --upstream_type string                   Upstream type to use to connect upstream: standard, aws_ssm, aws_ec2_instance_connect, connector_built_in_ssh_service, docker_exec or kubectl_exec (default "standard")
      --username string                        Username used to connect to target
      --username_type string                   Username type (for builtin-sshserver upstream_type and border0_certificate auth_type): use_connector_user, prompt_client or defined

Global Flags:
      --json               Print output in JSON format
      --print_input_json   Print input in JSON format

Examples:

border0 socket create ssh \
  --name remote-ssh \
  --connector connector1 \
  --upstream_type standard \
  --host ssh.playground.border0.io \
  --auth_type username_and_password \
  --username someuser \
  --password somepassword

This example will create an SSH socket with the name remote-ssh attached to the connector1 connector.
It will use the provided username and password to connect to host ssh.playground.border0.io.

border0 socket create ssh \
  --name new-ssh-local \
  --connector connector1 \
  --upstream_type connector_built_in_ssh_service \
  --username_type use_connector_user

This example will create an SSH socket with the name new-ssh-local, which is also attached to connector connector1. This socket will use the connector's built-in SSH service, and sessions will run as the user the connector runs as.

border0 socket create database

border0 socket create database --help
Create a new database socket

Usage:
  border0 socket create database [flags]

Flags:
      --auth_type string              Authentication type to use to connect to the target: username_and_password, tls, aws_iam, cloudsql_connector, cloudsql_connector_iam, sql_authentication, kerberos, azure_ad_password or azure_ad_integrated
      --ca_certificate string         CA certificate used to connect to target
      --client_certificate string     Client certificate used to connect to target
      --client_key string             Client key used to connect to target
      --cloudsql_instance_id string   Google Cloud SQL instance ID
      --connector string              Connector to attach to the socket, UUID or name of the connector
  -d, --description string            Socket description
      --gcp_credentials_json string   Google Cloud SQL credentials JSON
  -h, --help                          help for database
      --host string                   Target host: Control where inbound traffic goes
  -n, --name string                   Socket name
      --password string               Password used to connect to target
      --port int                      Target port: the port where inbound traffic goes
      --rds_region string             AWS RDS region
      --recording_enabled             Enables session recording (default true)
      --tag stringToString            Tags for the socket (key=value) (default [])
      --upstream_type string          Upstream type to use to connect upstream: mysql, postgres or mssql
      --username string               Username used to connect to target

Global Flags:
      --json               Print output in JSON format
      --print_input_json   Print input in JSON format

Examples:

border0 socket create database \
  --name mysqltest \
  --upstream_type mysql \
  --host mysql.playground.border0.io \
  --auth_type username_and_password \
  --username someuser \
  --password somepassword

In this example a socket will be created with the name mysqltest for a MySQL server that runs on host mysql.playground.border0.io. For authentication it will use username and password with the provided credentials.

border0 socket create http

border0 socket create http --help
Create a new http socket

Usage:
  border0 socket create http [flags]

Flags:
      --connector string       Connector to attach to the socket, UUID or name of the connector
  -d, --description string     Socket description
  -h, --help                   help for http
      --host string            Target host: Control where inbound traffic goes
      --http_hostname string   Http host/sni header
  -n, --name string            Socket name
      --port int               Target port: the port where inbound traffic goes
      --recording_enabled      Enables session recording
      --tag stringToString     Tags for the socket (key=value) (default [])
      --upstream_type string   Protocol type to use to connect upstream: http or https (default "http")

Global Flags:
      --json               Print output in JSON format
      --print_input_json   Print input in JSON format

Example:

border0 socket create http \
  --name webservice \
  --upstream_type https \
  --host httpbin.org \
  --port 443 \
  --tag somekey=somevalue \
  --recording_enabled \
  --connector connector1 \
  --json

In this example we will create an HTTP socket with the name webservice attached to connector connector1. The output of the create command will be in JSON format with details about the created socket. This socket uses https://httpbin.org:443 as the target URL. Recording is enabled for this socket, and the socket has a tag with key somekey and value somevalue.

border0 socket create tls

border0 socket create tls --help
Create a new tls socket

Usage:
  border0 socket create tls [flags]

Flags:
      --connector string     Connector to attach to the socket, UUID or name of the connector
  -d, --description string   Socket description
  -h, --help                 help for tls
      --host string          Target host: Control where inbound traffic goes
  -n, --name string          Socket name
      --port int             Target port: the port where inbound traffic goes
      --tag stringToString   Tags for the socket (key=value) (default [])

Global Flags:
      --json               Print output in JSON format
      --print_input_json   Print input in JSON format

Example:

border0 socket create tls \
  --name tlstest \
  --host localhost \
  --port 1234 \
  --description "a tls socket" \
  --connector connector1

In this example we create a TLS socket with the name tlstest connected to connector connector1. The socket will have the description "a tls socket" and will use localhost as the target on port 1234.

border0 socket create vpn

border0 socket create vpn --help
Create a new vpn socket

Usage:
  border0 socket create vpn [flags]

Flags:
      --advertised_route strings   Routes to advertise to clients
      --connector string           Connector to attach to the socket, UUID or name of the connector
  -d, --description string         Socket description
      --dhcp_pool_subnet string    VPN Client DHCP pool subnet. ie 10.42.0.0/22
  -h, --help                       help for vpn
  -n, --name string                Socket name
      --tag stringToString         Tags for the socket (key=value) (default [])

Global Flags:
      --json               Print output in JSON format
      --print_input_json   Print input in JSON format

border0 socket create vnc

$ border0 socket create vnc --help
Create a new vnc socket

Usage:
  border0 socket create vnc [flags]

Flags:
      --connector string     Connector to attach to the socket, UUID or name of the connector
  -d, --description string   Socket description
  -h, --help                 help for vnc
      --host string          Target host: Control where inbound traffic goes
  -n, --name string          Socket name
      --port uint16          Target port: the port where inbound traffic goes (default 5900)
      --tag stringToString   Tags for the socket (key=value) (default [])

Global Flags:
      --json               Print output in JSON format
      --print_input_json   Print input in JSON format

border0 socket create rdp

$ border0 socket create rdp --help
Create a new rdp socket

Usage:
  border0 socket create rdp [flags]

Flags:
      --connector string     Connector to attach to the socket, UUID or name of the connector
  -d, --description string   Socket description
  -h, --help                 help for rdp
      --host string          Target host: Control where inbound traffic goes
  -n, --name string          Socket name
      --port uint16          Target port: the port where inbound traffic goes (default 3389)
      --tag stringToString   Tags for the socket (key=value) (default [])

Global Flags:
      --json               Print output in JSON format
      --print_input_json   Print input in JSON format


border0 socket ls

Once we've created some sockets, we can list them in an easy-to-read table.

Socket FQDNs

After creation, your socket's DNS name is composed of socket_name + org_name + border0_TLD.

$ocket-server@xps15:~$ border0 socket ls
┌──────────────────────────────────────┬─────────────────────────────────────────┬─────────┬──────────┬──────────────────────────────────────────────────────────────┐
│ SOCKET ID                            │ DNS NAME                                │ PORT(S) │ TYPE     │ DESCRIPTION                                                  │
├──────────────────────────────────────┼─────────────────────────────────────────┼─────────┼──────────┼──────────────────────────────────────────────────────────────┤
│ 6fb21ee7-e5db-4ff9-b54c-f9aebcbf6fd6 │ my-http-service-the-greg-rnd.border0.io │ 80, 443 │ http     │ This is a socket my amazing HTTP server I am really proud of │
│ 0cc18cf2-c22f-412b-ba83-2a4cb468b210 │ my-db-service-the-greg-rnd.border0.io   │ 20844   │ database │ Super secret database only for the few                       │
└──────────────────────────────────────┴─────────────────────────────────────────┴─────────┴──────────┴──────────────────────────────────────────────────────────────┘

border0 socket show

The show command prints information for the socket whose ID is given with the -s, --socket_id flag.

$ border0 socket show --socket_id 0cc18cf2-c22f-412b-ba83-2a4cb468b210
┌──────────────────────────────────────┬───────────────────────────────────────┬─────────┬──────────┬────────────────────────────────────────┐
│ SOCKET ID                            │ DNS NAME                              │ PORT(S) │ TYPE     │ DESCRIPTION                            │
├──────────────────────────────────────┼───────────────────────────────────────┼─────────┼──────────┼────────────────────────────────────────┤
│ 0cc18cf2-c22f-412b-ba83-2a4cb468b210 │ my-db-service-the-greg-rnd.border0.io │ 20844   │ database │ Super secret database only for the few │
└──────────────────────────────────────┴───────────────────────────────────────┴─────────┴──────────┴────────────────────────────────────────┘


border0 socket connect

Once our socket is created, it is time to connect it and expose our resources to the desired audience.

$ border0 socket connect
Connect a socket

Usage:
  border0 socket connect [flags]

Flags:
  -h, --help                    help for connect
      --host string             Target host: Control where inbound traffic goes. Default localhost (default "127.0.0.1")
      --httpserver              Start a local http server to accept http connections on this host
      --httpserver_dir string   Directory to serve http connections on this host
  -i, --identity_file string    Identity File
  -p, --port int                Port number
      --proxy string            Proxy host used for connection to border0.com
  -s, --socket_id string        Socket ID
  -l, --sshserver               Start a local SSH server to accept SSH sessions on this host

Connecting your first test socket

border0 socket connect my-http-socket --httpserver

--httpserver

Probably the fastest way to get full end-to-end connectivity through a socket is to use the built-in HTTP server.

$ border0 socket connect  my-http-socket --httpserver

Connecting to Server: tunnel.border0.com

Welcome to Border0.io
my-http-service - https://my-http-socket-the-greg-rnd.border0.io

=======================================================
Logs
=======================================================
216.xxx.xxx.152 - - [07/Oct/2022:17:57:46 +0000] "GET / HTTP/1.1" 200 643 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" response_time="0.044 secs"
216.xxx.xxx.152 - - [07/Oct/2022:17:57:47 +0000] "GET /favicon.ico HTTP/1.1" 200 643 "https://my-http-service-the-greg-rnd.border0.io/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" response_time="0.089 secs"
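
The access-log lines that --httpserver prints can be fed to a small parser to see which clients reached the socket and how the server answered. The script below is an added example, not part of the border0 CLI or its documentation; the function names, the 203.0.113.7 client and the /admin requests are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse the access-log lines printed by
# `border0 socket connect --httpserver` and summarise them per client.

# Constructed sample: banner lines plus log lines in the format shown above.
# 203.0.113.7 and the /admin requests are made up for illustration.
sample_output() {
cat <<'EOF'
Welcome to Border0.io
=======================================================
Logs
=======================================================
216.xxx.xxx.152 - - [07/Oct/2022:17:57:46 +0000] "GET / HTTP/1.1" 200 643 "-" "Mozilla/5.0 (X11; Linux x86_64)" response_time="0.044 secs"
216.xxx.xxx.152 - - [07/Oct/2022:17:57:47 +0000] "GET /favicon.ico HTTP/1.1" 200 643 "https://my-http-service-the-greg-rnd.border0.io/" "Mozilla/5.0 (X11; Linux x86_64)" response_time="0.089 secs"
203.0.113.7 - - [07/Oct/2022:17:58:02 +0000] "GET /admin HTTP/1.1" 404 19 "-" "curl/7.85.0" response_time="0.002 secs"
203.0.113.7 - - [07/Oct/2022:17:58:03 +0000] "POST /admin HTTP/1.1" 404 19 "-" "curl/7.85.0" response_time="1.250 secs"
EOF
}

# parse_access_log: read connect output on stdin and print one tab-separated
# record per log line: client, method, path, status, seconds.
# Banner and other non-log lines are dropped. Splitting on double quotes
# assumes the user agent itself contains no double quote.
parse_access_log() {
  awk -F'"' '
    NF >= 9 && $7 ~ /response_time=/ {
      split($1, pre, " "); split($2, req, " ")
      split($3, res, " "); split($8, rt, " ")
      if (res[1] !~ /^[0-9][0-9][0-9]$/) next
      printf "%s\t%s\t%s\t%s\t%s\n", pre[1], req[1], req[2], res[1], rt[1]
    }'
}

# summarise_clients: per client, total requests, responses with status >= 400,
# and the slowest response time in seconds. Output is sorted by client.
summarise_clients() {
  parse_access_log | awk -F'\t' '
    { n[$1]++; if ($4 >= 400) err[$1]++; if ($5 + 0 > max[$1]) max[$1] = $5 + 0 }
    END { for (c in n) printf "%s requests=%d errors=%d slowest=%.3f\n", c, n[c], err[c], max[c] }
  ' | LC_ALL=C sort
}

# Run on the constructed sample when executed directly.
sample_output | summarise_clients
```

To use it on a live session, pipe the connect command's output into summarise_clients instead of sample_output.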

HOWTOs for connecting sockets

For more information on how to expose resources via sockets, visit our HOWTO.

border0 socket delete

Deletes a socket

$ border0 socket delete my-http-socket
Socket deleted

border0 socket policy

Lists all policies attached to the socket whose ID is given with the -s, --socket_id flag.

$ border0 socket policy --socket_id 0cc18cf2-c22f-412b-ba83-2a4cb468b210
Socket deleted