Access a Private Web Application
In this guide, we'll use Firezone to set up access to a private web application such as GitLab or Metabase. This is useful when you have a web app hosted behind a firewall that you want to keep secure, but still need to access it from external networks like the internet.
This steps in this guide can be effectively applied to virtually any service, not just web applications.
Prerequisites
- A Site that will contain the web app you want to secure access to. Create a Site if you haven't already.
- One or more Gateways deployed within the Site. Deploy a Gateway if you don't have any in the Site where this web app is located.
For reliable access to high-traffic web apps, set up multiple Gateways for load balancing. See Deploying multiple Gateways.
Step 1: Create a Resource
- In your admin portal, go to
Sites -> <site>
and click theAdd Resource
button. - Select
DNS
as the Resource type. - Enter the address of the web app you want to secure access to. For example:
metabase.company.com
. This address must be resolvable by all of the Gateway(s) in your Site. - Optionally, add a traffic restriction for
TCP/80
and/orTCP/443
to further limit access to this Resource to HTTP and/or HTTPS traffic only (Team and Enterprise plans). - Enter a descriptive name for the Resource, e.g.
Procurement team Metabase instance
. This will be used to identify the Resource in the Firezone admin portal.
Step 2: Create a Policy
- In the
Policies
tab, click theAdd Policy
button. - Create a Policy for the Resource you created in Step (1). Be sure to select the appropriate Group and Resource for the Policy.
Step 3: Done!
You've now secured access to your private web app with Firezone. You can now test access from any signed-in Client by visiting the address you specified in Step (1):
Need additional help?
See all support options or try asking on one of our community-powered support channels:
- Discussion forums: Ask questions, report bugs, and suggest features.
- Discord server: Join discussions, meet other users, and chat with the Firezone team
- Email us: We read every message.