Secure connect for Harness Cloud
Currently, Secure Connect for Harness Cloud is behind the feature flag CI_SECURE_TUNNEL. Contact Harness Support to enable the feature.
To use Harness Cloud build infrastructure in firewalled environments, such as a corporate network, you can create a secure connect tunnel between the Harness Cloud network and your private network. This allows you to use Harness Cloud build infrastructure with privately-hosted assets, such as internal artifacts repositories and on-premises code repositories. Secure connect is a faster alternative to allowlisting IPs.
Configure secure connect
-
Run the Docker client in your firewalled environment. Where you run the client depends on what assets need to securely connect to Harness and your environment's network configuration.
docker run -it -e REMOTE_PORT=ANY_PORT_FROM_30000_TO_30100 -e REMOTE_SERVER=sc.harness.io -e API_KEY=YOUR_HARNESS_API_KEY harness/frpc-signedREMOTE_PORTcan be any port from 30000 to 30100.API_KEYmust be a valid Harness API key.
-
Enable Secure Connect for each connector you use with Harness Cloud that needs to route through a secure connect tunnel. This setting is available in the connector's Connect to Provider settings.
For example, if you need to connect to an on-premise code repo, you need to enable Secure Connect in your code repo connector's settings.
Compatible connectors include:
Once enabled, traffic related to the configured connector is tunneled through the FRPC.
Secure connect environment variables
When you enable secure connect, Harness sets two environment variables: HARNESS_HTTP_PROXY and HARNESS_HTTPS_PROXY.
You can use these environment variables in cURL commands to tunnel other clients through the established secure connect tunnel, for example:
curl -x HARNESS_HTTPS_PROXY YOUR_ENDPOINT_URL
Replace YOUR_ENDPOINT_URL with the URL that you want to route through the secure connect tunnel. For example, you could route a private Bitbucket domain like https://bitbucket.myorg.com/.