ContextQMD
Back to Firezone

Access a Private Web Application

website/src/app/kb/use-cases/web-app-access/readme.mdx

1.0.52.8 KB
Original Source

import PlanBadge from "@/components/PlanBadge"; import SupportOptions from "@/components/SupportOptions"; import Alert from "@/components/DocsAlert"; import Link from "next/link"; import Image from "next/image";

<PlanBadge plans={["starter", "team", "enterprise"]}>

Access a Private Web Application

</PlanBadge>

In this guide, we'll use Firezone to set up access to a private web application such as GitLab or Metabase. This is useful when you have a web app hosted behind a firewall that you want to keep secure, but still need to access it from external networks like the internet.

<Alert color="info"> This steps in this guide can be effectively applied to virtually any service, not just web applications. </Alert>

Prerequisites

  • A Site that will contain the web app you want to secure access to. Create a Site if you haven't already.
  • One or more Gateways deployed within the Site. Deploy a Gateway if you don't have any in the Site where this web app is located.
<Alert color="warning"> For reliable access to high-traffic web apps, set up multiple Gateways for load balancing. See [Deploying multiple Gateways](/kb/deploy/gateways#deploying-multiple-gateways). </Alert>

Step 1: Create a Resource

  1. In your admin portal, go to Sites -> <site> and click the Add Resource button.
  2. Select DNS as the Resource type.
  3. Enter the address of the web app you want to secure access to. For example: metabase.company.com. This address must be resolvable by all of the Gateway(s) in your Site.
  4. Optionally, add a traffic restriction for TCP/80 and/or TCP/443 to further limit access to this Resource to HTTP and/or HTTPS traffic only (Team and Enterprise plans).
  5. Enter a descriptive name for the Resource, e.g. Procurement team Metabase instance. This will be used to identify the Resource in the Firezone admin portal.
<Link href="/images/kb/use-cases/web-app-access/step1.png" target="_blank" rel="nofollow" > <Image src="/images/kb/use-cases/web-app-access/step1.png" alt="Create a Resource" width={1200} height={1200} /> </Link>

Step 2: Create a Policy

  1. In the Policies tab, click the Add Policy button.
  2. Create a Policy for the Resource you created in Step (1). Be sure to select the appropriate Group and Resource for the Policy.

Step 3: Done!

You've now secured access to your private web app with Firezone. You can now test access from any signed-in Client by visiting the address you specified in Step (1):

<Link href="/images/kb/use-cases/web-app-access/step3.png" target="_blank" rel="nofollow" > <Image src="/images/kb/use-cases/web-app-access/step3.png" alt="Access the web app" width={1200} height={1200} /> </Link> <SupportOptions />