Secure Tunneling v1.0.0

Learn about SLYD's secure tunneling infrastructure that connects your compute instances to the outside world.

What is Secure Tunneling?

SLYD's secure tunneling is a feature that creates private, encrypted connections between your compute instances and the internet, allowing you to securely access your applications and services without exposing them directly to the public internet. Built on Cloudflare Zero Trust technology, SLYD tunnels provide enterprise-grade security with minimal configuration.

How Tunneling Works

SLYD creates secure tunnels automatically for each compute instance, making your applications and services available through unique, randomly-generated subdomains or custom domains that you configure.

Fig 1. SLYD Tunneling Architecture

User Request

A user accesses your application through your SLYD tunnel URL (e.g., your-app-123.slyd.cloud).

Cloudflare Edge

The request is routed to Cloudflare's global edge network, which provides DDoS protection and initial security screening.

Cloudflare Zero Trust

Zero Trust rules verify the user's identity and access permissions before allowing the connection to proceed.

SLYD Tunnel Gateway

The SLYD Tunnel Gateway receives the encrypted request and routes it to the appropriate compute instance.

Compute Instance

Your application running on the compute instance processes the request and returns a response through the same secure path.

Benefits of Secure Tunneling

SLYD's tunneling infrastructure provides numerous advantages over traditional networking approaches:

Enhanced Security

Full end-to-end encryption for all traffic
No need to expose services directly to the internet
Protection against DDoS attacks and common web vulnerabilities
Zero Trust access controls and authentication

Improved Performance

Global edge network reduces latency for worldwide users
Automatic load balancing and traffic optimization
Content caching for faster delivery
Optimized routing through Cloudflare's global network

Simplified Management

No need to configure firewalls or NAT rules
Works across all network types (including strict corporate networks)
Automated certificate management for HTTPS
Centralized control through the SLYD dashboard

Comprehensive Analytics

Detailed traffic and usage metrics
Security incident detection and logging
Performance monitoring across regions
User access patterns and behaviors

Tunnel Types

SLYD offers different types of tunnels to suit various use cases:

HTTP/HTTPS Tunnels

Connect web applications and APIs through HTTP and HTTPS protocols. These tunnels are ideal for web services, dashboards, and APIs.

Example URL:

https://your-app-123.slyd.cloud

Default Ports:

80, 443

TCP Tunnels

Secure tunneling for TCP-based applications and services, such as databases, SSH, and custom protocols.

Connection string:

tcp://tcp-your-app-123.slyd.cloud:12345

Available Ports:

1024-65535 (customizable)

SSH Tunnels

Specialized tunnels for secure shell access to your compute instances with additional security features.

SSH Command:

ssh [email protected] -p 22

Special Features:

SSH key management
Session recording
2FA enforcement

Managing Tunnels

You can manage your tunnels through the SLYD dashboard or the API:

Access Tunnel Management

From your compute instance details page, select the "Tunnels" tab to view and manage all tunnels for that instance.

Create a New Tunnel

Click "Create Tunnel" and specify the tunnel configuration:

Type: HTTP, TCP, or SSH

Subdomain: Custom prefix or auto-generated

Port: Internal port on your instance

Path: Optional path prefix for HTTP tunnels

Authentication: None, Basic, or OAuth

Configure Access Rules

Set up access controls for your tunnel:

IP Restrictions: Limit access to specific IP addresses or ranges

Authentication: Require user login through SLYD, OAuth, or SAML

Device Posture: Verify device security status before allowing access

Rate Limiting: Set request rate limits to prevent abuse

Activate the Tunnel

Review your configuration and click "Activate Tunnel" to deploy it. The tunnel will be active within seconds.

Pro Tip: Custom Domains

For production applications, you can use your own domain with SLYD tunnels. Simply add a custom domain in the tunnel settings and configure a CNAME record in your DNS settings pointing to your SLYD tunnel address.

DNS Configuration Example

app.yourdomain.com.  CNAME  your-app-123.slyd.cloud.

Security Features

SLYD tunnels include several security features to protect your applications and data:

End-to-End Encryption

All tunnel traffic is encrypted using TLS 1.3, with automatic certificate management and rotation.

Zero Trust Access

Access can be limited based on user identity, device security posture, location, and other factors.

WAF Protection

Web Application Firewall provides protection against common attacks like SQL injection, XSS, and CSRF.

Multi-Factor Authentication

Enforce 2FA for access to sensitive applications and services through your tunnels.

Access Logging and Auditing

Comprehensive logs of all access attempts and activity through your tunnels for security analysis.

Rate Limiting

Prevent abuse by setting request rate limits for your tunnels, with customizable thresholds.

Monitoring and Analytics

SLYD provides detailed analytics for your tunnels to help you monitor performance and usage:

Traffic Analytics

Monitor traffic patterns, request rates, and bandwidth usage for each of your tunnels.

Request Volume

78%

Bandwidth Usage

42%

Error Rate

Geographic Distribution

View where your tunnel traffic is coming from to understand your user base.

North America

65%

Europe

25%

Asia Pacific

Other Regions

Security Events

Track security incidents and blocked attacks for each tunnel.

Blocked Attacks

147 in the last 30 days

Authentication Failures

23 in the last 30 days

Bot Traffic

12% of total requests

Performance Metrics

Analyze response times and performance data to optimize your applications.

Average Response Time 142ms

12% from last week

P95 Response Time 310ms

8% from last week

Cache Hit Ratio 68%

5% from last week

API Access

You can programmatically manage tunnels using the SLYD API:

Create a New Tunnel

curl -X POST https://api.slyd.cloud/v1/tunnels \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{
      "instance_id": "inst-123abc456def",
      "type": "http",
      "subdomain": "my-app",
      "port": 8080,
      "path": "/api",
      "auth_type": "oauth"
    }'

List All Tunnels

curl -X GET https://api.slyd.cloud/v1/tunnels \
    -H "Authorization: Bearer YOUR_API_KEY"

API Documentation

For complete API documentation for tunnel management, visit the Tunnels API Reference.

Best Practices

Follow these recommendations to get the most out of SLYD tunnels:

Security

Enable authentication for all production tunnels
Use IP restrictions for management interfaces and sensitive applications
Regularly review tunnel access logs for suspicious activity
Enable MFA for SSH tunnels and critical services

Performance

Enable caching for static content when possible
Consider using HTTP/2 for web applications
Monitor response times and optimize slow endpoints
Use separate tunnels for management/backend traffic vs. user-facing services

Access Management

Create access groups for different user types (managers, developers, customers)
Use time-based access policies for temporary contractors
Implement device posture checks for sensitive data access
Regularly audit and update access permissions

Architecture

Use descriptive subdomain names that reflect the service purpose
Separate public-facing services from internal tools with different tunnels
Consider using custom domains for production services
Use path-based routing for microservices when appropriate

Was this guide helpful?

We're constantly improving our documentation. Let us know how we can make it better!