Accessing private network on-premise REST API service

I have a REST API service that runs on an on-premise private network. I need to access this service from the public network. Could you please suggest where I should run Boundary's worker node? A few clarifications:

  1. If I run the worker node inside the private network, the client will not be able to reach the worker. How do I solve this?
  2. Can I run the controllers and the Boundary service (listener) in the cloud, so that it can connect to my IDP?


Hi there! Thanks for your interest in Boundary. If you want to make private nodes available for public access through Boundary, both the Boundary controller and worker nodes should run in a publicly accessible network where the workers have private network access (workers do the proxying). There are multiple ways to achieve this.

We have a reference architecture that may help as a guide for organizing your deployment: GitHub - hashicorp/boundary-reference-architecture (example reference architecture for a high availability Boundary deployment on AWS). This is just one of many possible architectures for Boundary. You will probably need to adapt it to your scenario. In order to run Boundary in the cloud to connect to private on-prem nodes, your cloud worker nodes will require some type of secure networking with the underlying private on-prem nodes.
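
The worker placement described in the answer above, as an added configuration sketch that is not part of the original posts or of the reference architecture. The worker name, all addresses, and the key value are constructed placeholders; it assumes a KMS-authenticated worker whose host has a VPN or similar private route to the on-prem network.

```hcl
# Constructed example: Boundary worker on a publicly reachable host that also
# has a private route (VPN, dedicated link, etc.) to the on-premise network.

listener "tcp" {
  # Proxy listener: client sessions are proxied through this port.
  purpose = "proxy"
  address = "0.0.0.0:9202"
}

worker {
  name        = "edge-worker-1" # hypothetical name
  description = "Proxies sessions to the on-prem REST API"

  # Cluster address of the controller(s); placeholder value.
  # Newer Boundary releases name this key initial_upstreams.
  controllers = ["controller.example.internal:9201"]

  # Address that clients are told to connect to for this worker.
  # It must be reachable from the public network (placeholder from a
  # documentation IP range).
  public_addr = "203.0.113.10:9202"
}

# Key the worker uses to authenticate to the controller; the controller
# config carries a matching worker-auth block.
kms "aead" {
  purpose   = "worker-auth"
  aead_type = "aes-gcm"
  key       = "<BASE64_KEY_SHARED_WITH_CONTROLLER>" # placeholder, never commit a real key
  key_id    = "global_worker-auth"
}
```

With this layout the Boundary target points at the REST API's private address, which only the worker needs to be able to reach; restrict inbound traffic on the worker host to the proxy port.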