HubTunnels

HubTunnels provide a secure way to access your private containers without exposing them to the public internet. This is ideal for connecting to databases, internal services, or debugging.

How it Works

  1. Ephemeral Access: When you request a tunnel, Hubfly creates a temporary, lightweight SSH container attached to your project’s private network.
  2. Secure Key Exchange: Your CLI generates a temporary SSH key pair and sends the public key to the server.
  3. Port Forwarding: The CLI establishes a secure SSH connection to the ephemeral container and forwards your local port to the target container’s port.
Local Machine
localhost:5432
SSH Encrypted
Hubfly Cloud
SSH
Gateway
DB Container

Traffic is securely forwarded from your local port, through the SSH gateway, directly to your private container.

Usage Scenarios

Connecting to a Database

If you have a PostgreSQL database running in a container that is not exposed to the internet:

Create Tunnel

Run the create command targeting your DB container.

hubfly tunnel create --project my-app --container postgres-1 --port 5432

Auto-Mapping

The CLI will automatically map it to a local port, e.g., localhost:5432 (or ask you to choose one).

Connect

You can now connect using your local database tool (e.g., DBeaver, psql).

psql -h localhost -p 5432 -U myuser mydb

Debugging APIs

Access internal service endpoints or admin panels that are blocked from the public ingress.

Target Service

Identify the internal service port (e.g., 8080).

Establish Tunnel

hubfly tunnel create ... --port 8080 --local 3000

Access Locally

Open http://localhost:3000 in your browser or Postman.

Security Features

No Public IP Needed

Your target container stays completely private.

Short-Lived TTL

Tunnels automatically expire after inactivity.

Network Isolation

Access is strictly limited to the project network.

Encrypted

Uses SSH with ephemeral key exchange.