Deploying behind a gateway server

About deployment gateways

If you want to deploy your application in a DMZ, you should prepare a bastion server which enables you to connect to your DMZ. You should define a Deployment Gateway in your Cloud66 account and specify the information of the bastion server, then you will be able to deploy your application in the DMZ.


Team members should have Edit Deploy Gateways access rights to be able to use the deployment gateway.

Deploying an application behind a gateway

Gateway management is available through toolbelt .

First, you need to define a gateway. For example:

$ cx gateways add --name aws_bastion --address  --username ec2-user  --private-ip

In order to use this gateway for an application deployment, you need to first specify it in the manifest:

           name: aws_bastion
           username: ec2-user

…and then make it available before you start the deployment:

$ cx gateways open --name aws_bastion --key /tmp/gateway.pem --ttl 1h

Now you can deploy your application.

After the deployment is finished you can invalidate the gateway or leave it until the TTL is over.

$ cx gateways close --name aws_bastion

Accessing servers behind a gateway

If you want to connect to your servers behind a bastion server you will need to have access to the bastion server’s key. You can then use Toolbelt to connect to your server as follows:

$ cx ssh --gateway-key ~/.ssh/bastion_key  -s "My Awesome App" Lion