Using Boundary for internal Single Page Applications

Is it possible to use Boundary to access a ReactJS app that calls internal services?

I would like to add a frontend to my internal services, but don’t quite understand how Boundary could route the API calls correctly to my network in the cloud.


It would be hard. One thing is that if the SPA is TLS-secured, you’ll have issues with the TLS certificate chain (lots of threads in this topic on that if you go searching) because of the way layer-4 tunnel proxies (not just Boundary, other ones as well) work.

Even if TLS isn’t a factor, if the browser is intended to connect to other services directly, you’d need to have tunnels set up for them with fixed, known local ports (not something the desktop app can do yet I don’t think, though the CLI can) and have those tunnel addresses be the addresses used in the calls to those services in the app frontend.

One possibility to make the pain of that second option a bit less is to use some sort of layer-7-aware proxy like nginx or Squid to front the web app. Calls to the frontend URL would be passed to the app frontend; calls to other URLs could be proxied to other service URLs as needed. We have an example nginx config to do this with our HashiCups demo app.

Another thing you can do, that’s more effort but solves the TLS issue as well, is just set up an internal HTTP proxy (squid or nginx is fine here); instead of browsing to the proxy address as the app, you configure the web browser to use it as the browser’s proxy, and then all your internal addresses and hostnames become usable as-is through that browser. In this scenario you set the Boundary target to be the proxy, instead of a specific app URL, and the browser uses the Boundary tunnel port on localhost as its proxy config. This requires either configuring the browser proxy after the connection is made (because you won’t know the proxy port till after you connect), or connecting the tunnel on a fixed port using the Boundary CLI that the browser is already configured to use as its proxy.