Shares overview
Shares in NetFoundry Frontdoor enable you to expose your internal services to the public internet securely and efficiently. A share creates a publicly accessible endpoint that routes traffic to your backend services without requiring you to open firewall ports or modify your network security configuration.
What is a share?
A share is a public access point that makes your HTTP/HTTPS services available on the internet through NetFoundry Frontdoor's infrastructure. When you create a share, NetFoundry Frontdoor generates a public URL that users can access from anywhere on the internet while establishing a secure zero-trust tunnel between the Frontdoor infrastructure and your backend service. It routes incoming requests from the public URL to your specified backend endpoint and handles SSL/TLS termination and security at the edge automatically.
How shares work
The share acts as a bridge between the public internet and your private services by providing users with a public URL through NetFoundry Frontdoor while NetFoundry's infrastructure securely routes traffic to your backend. Your backend service remains protected behind your firewall without requiring any inbound ports to be opened, and SSL/TLS termination, DDoS protection, and other security features are handled automatically.
Security considerations
Automatic security features
All traffic is protected with SSL/TLS encryption while DDoS protection operates at the edge to defend against attacks. Request filtering and validation ensure only legitimate traffic reaches your backend services, complemented by rate limiting and throttling mechanisms that prevent abuse and maintain service stability.
Access control
While shares create public endpoints, you should implement appropriate authentication and authorization in your backend services. NetFoundry Frontdoor provides the secure transport layer, but application-level security remains your responsibility.
Temporary access
Shares can be created and destroyed as needed, making them ideal for temporary access scenarios. When you delete a share, the public endpoint is immediately removed.
Best practices
Naming convention
Use descriptive names for your shares that clearly identify the service and purpose:
api-production-v2demo-customer-portalstaging-webhook-handler
Backend health
Ensure your backend services are healthy and responsive before creating shares. Monitor your backend performance as public traffic patterns may differ from internal usage. Health Checks can help you ensure your backend services are operating as expected.
Resource management
Clean up unused shares regularly to maintain a tidy environment while monitoring share metrics to understand usage patterns and performance trends. Plan for appropriate scaling measures if your share experiences high traffic volumes to ensure consistent service availability.
Security
Implement proper authentication mechanisms in your backend services and use HTTPS for backend communications whenever possible. Monitor access logs consistently for suspicious activity patterns and consider implementing rate limiting within your application to prevent abuse and maintain service quality.
More info
- Learn how to create and manage shares using the API
- Explore Frontends to understand how shares integrate with custom domains
- Review Health Checks to ensure your backend services remain healthy