Teleport Node HTTPS-only transport

Our company has many remote devices inside our customers' internal “perimeter” that have restricted traffic and can only communicate with specific resources over the HTTP or HTTPS protocol.

Is there any way for a Teleport Node to communicate with the server using only HTTPS transport?

PS: The mentioned devices also need to work through HTTPS_PROXY. If the answer to the first question is “yes”, could it also be combined with the proxy feature?

In the case of application access, HTTPS is used between the connecting client and the teleport proxy. From there, the teleport proxy may use SSH forwarding to reach the application (more details about this in the application access doc link).

The kubernetes access doc doesn’t mention any SSH forwarding like the application access doc does, and Kubernetes does use HTTPS. When you point your kubectl or other Kubernetes client to the teleport proxy, it definitely talks https.

For SSH/shell access, you can access the web proxy interface over https in a web browser and from there open a web-based session. That works via a websocket from the browser to the proxy. From the proxy out to any teleport node where the shell session is running, it is certainly ssh traffic.

Teleport will tunnel its https (3080) and ssh (3024) connections through an HTTP CONNECT style proxy if you set both http_proxy and https_proxy. See https://goteleport.com/teleport/docs/admin-guide/#http-connect-proxies for more info. This setting may get you where you need to be.


@ujeenator do you have any other questions?

To add a little clarity, Teleport’s kubernetes_service (used for remotely accessing a Kubernetes cluster) does use a reverse SSH tunnel for sending/receiving data from the proxy server, just the same as the application_service and node_service do.
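To check whether the HTTP CONNECT proxy mentioned earlier in the thread will open tunnels to both ports named there (3080 and 3024), the probe below sends one CONNECT request per port and reports the proxy's status code. It is an added example, not part of the original posts or of Teleport's code; it assumes a plain-HTTP proxy, and `teleport.example.com` and the function names are placeholders.

```python
import os
import socket
import sys
from urllib.parse import urlsplit

def parse_proxy(url):
    """Split an https_proxy-style value into (host, port)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return parts.hostname, parts.port or 80

def probe_connect(proxy_url, target_host, target_port, timeout=5.0):
    """Send one CONNECT request through the proxy; return the HTTP status code."""
    host, port = parse_proxy(proxy_url)
    target = f"{target_host}:{target_port}"
    request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")
    head = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        # Only the status line is needed; stop once it has arrived.
        while b"\r\n" not in head and len(head) < 4096:
            chunk = sock.recv(1024)
            if not chunk:
                break
            head += chunk
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    fields = status_line.split(" ", 2)
    if len(fields) < 2 or not fields[0].startswith("HTTP/") or not fields[1].isdigit():
        raise ValueError(f"not an HTTP proxy response: {status_line!r}")
    return int(fields[1])

def check_teleport_ports(proxy_url, teleport_host, ports=(3080, 3024)):
    """Return {port: status}. 200 means the proxy agreed to open the tunnel;
    403 or 407 means the proxy policy or its authentication blocks that port."""
    results = {}
    for port in ports:
        try:
            results[port] = probe_connect(proxy_url, teleport_host, port)
        except (OSError, ValueError) as exc:
            results[port] = f"error: {exc}"
    return results

if __name__ == "__main__":
    proxy = os.environ.get("https_proxy") or os.environ.get("HTTPS_PROXY")
    if not proxy or len(sys.argv) != 2:
        sys.exit("usage: https_proxy=http://proxy:3128 python probe.py teleport.example.com")
    for port, status in check_teleport_ports(proxy, sys.argv[1]).items():
        print(f"CONNECT {sys.argv[1]}:{port} -> {status}")
```

A status other than 200 for either port means the proxy itself is refusing the tunnel, so the allow-list on the proxy needs to include that destination port before Teleport can connect through it.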