CONNECT Wrapper with Docker

Running the CONNECT Proxy:

docker run -it --rm \
-p 16443:16443 \
us-docker.pkg.dev/qpoint-edge/public/qpoint:head \
connect \
--log-level=info \
--connect-username=user1 \
--connect-password=password1 \
--connect-upstream=<QPOINT_PROXY_IP>:10443

Running the Qpoint Proxy:

docker run -it --rm \
-p 10080:10080 \
-p 18080:18080 \
-p 10443:10443 \
-p 18443:18443 \
us-docker.pkg.dev/qpoint-edge/public/qpoint:head \
proxy \
--log-level=info \
--registration-token="<token>"

Configuration Steps

1. Setting Up IP Tables

To redirect outgoing TCP traffic on port 443 from the host to the CONNECT proxy, add a DNAT rule with iptables (CONNECT_IP holds the address of the CONNECT proxy):

sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination "$CONNECT_IP"

2. Starting the CONNECT Proxy

Use the Docker command shown above to start the CONNECT proxy. Set --connect-username and --connect-password to the appropriate authentication credentials, and --connect-upstream to the address of the upstream Qpoint proxy.

3. Starting the Qpoint Proxy

Use the Docker command shown above to start the Qpoint proxy. Make sure to pass the registration token with --registration-token; it links the proxy to the Qpoint Control Plane.

Example Scenario

  • Application: A web service running on the host.

  • Traffic Flow: The web service sends an HTTP request.

  • CONNECT Proxy: Captures and encapsulates the request, authenticating it.

  • Qpoint Proxy: Receives the encapsulated request, applies ACLs, and routes it to the internet.
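
The encapsulation and authentication steps in the scenario above, as an added sketch of a generic HTTP CONNECT exchange (not Qpoint's code). It assumes the credentials travel as HTTP Basic in a Proxy-Authorization header, which the page does not state; the function names and the example.com target are hypothetical.

```python
import base64
import hmac

def build_connect_request(target_host, target_port, username, password):
    """Client side: ask the upstream proxy for a tunnel to target_host:target_port."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    authority = f"{target_host}:{target_port}"
    return (
        f"CONNECT {authority} HTTP/1.1\r\n"
        f"Host: {authority}\r\n"
        f"Proxy-Authorization: Basic {token}\r\n"  # assumption: Basic scheme
        "\r\n"
    ).encode()

def handle_connect_request(raw, username, password):
    """Proxy side: return (status_line, authority) for one CONNECT request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT":
        return "HTTP/1.1 405 Method Not Allowed", None
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    expected = base64.b64encode(f"{username}:{password}".encode())
    # Constant-time comparison so the check does not leak how much matched.
    supplied = token.strip().encode()
    if scheme.lower() != "basic" or not hmac.compare_digest(supplied, expected):
        return "HTTP/1.1 407 Proxy Authentication Required", None
    # Only after authentication would ACLs be applied to the requested authority.
    return "HTTP/1.1 200 Connection Established", parts[1]

# Constructed sample: the page's example credentials and a placeholder target.
SAMPLE = build_connect_request("example.com", 443, "user1", "password1")

if __name__ == "__main__":
    print(SAMPLE.decode())
    print(handle_connect_request(SAMPLE, "user1", "password1"))
    print(handle_connect_request(SAMPLE, "user1", "wrong"))
```

Basic credentials are only base64-encoded, so in this sketch they are readable to anyone who can observe the link between the two proxies unless that link is itself encrypted.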
