Endpoints

Endpoints let you expose your Apps on Enclave to clients over the public internet or your Stack’s internal network.

An Endpoint is always associated with a given Service: traffic received by the Endpoint will be load-balanced across all the Containers for the service, which allows for highly-available and horizontally-scalable architectures.

Endpoint Types

Enclave supports several types of Endpoints.

The Endpoint type determines the type of traffic the Endpoint accepts (and on which ports it does so), and how that traffic is passed on to your App Containers:

  • HTTP(S) Endpoints accept HTTP and HTTPS traffic and forward plain HTTP traffic to your containers. They handle HTTPS termination for you.
  • TLS Endpoints accept TLS traffic and forward it as TCP to your containers. Here again, TLS termination is handled by the Endpoint.
  • TCP Endpoints accept TCP traffic and forward TCP traffic to your containers.

Endpoint Placement

Enclave Endpoints can be exposed to the public internet (this is called External Placement), or exposed only to other Apps deployed in the same Stack (this is called Internal Placement).

Regardless of which placement you choose, you can always enable IP Filtering as a means to further lock down which clients are allowed to connect to your Endpoint.

Domain Name

Enclave Endpoints let you bring your own Custom Domain.

If you don’t have or don’t want to use a Custom Domain, you can use an Enclave-provided Default Domain.

SSL / TLS Certificates

HTTP(S) Endpoints and TLS Endpoints perform TLS termination for you, so if you are using either of those, Enclave will need a certificate valid for the hostname you plan to access the Endpoint from.

There are two cases here:

  • If you are using a Default Domain, Enclave controls the hostname, and will provide a SSL / TLS Certificate as well.
  • However, if you are using a Custom Domain, you will need to provide Enclave with a Custom Certificate, or enable Managed HTTPS and let Enclave provision the certificate for you.

Timeouts

Endpoints enforce idle timeouts on traffic. See Endpoint Timeouts for more information.