Shares | NetFoundry Documentation

Shares in NetFoundry Frontdoor enable you to expose your internal services to the public internet securely and efficiently. A Share creates a publicly accessible endpoint that routes traffic to your backend services without requiring you to open firewall ports or modify your network security configuration.

A Share is a public access point that makes your HTTP/HTTPS services available on the internet through NetFoundry Frontdoor's infrastructure. When you create a Share, NetFoundry Frontdoor generates a public URL that users can access from anywhere on the internet while establishing a secure zero-trust tunnel between the Frontdoor infrastructure and your backend service. It routes incoming requests from the public URL to your specified backend endpoint and handles SSL/TLS termination and security at the edge automatically.

How Shares Work

graph LR
    A[Internet Users] --> B[Frontdoor Public URL]
    B --> C[NetFoundry Edge Infrastructure]
    C --> D[Your Backend Service]

The Share acts as a bridge between the public internet and your private services by providing users with a public URL through NetFoundry Frontdoor while NetFoundry's infrastructure securely routes traffic to your backend. Your backend service remains protected behind your firewall without requiring any inbound ports to be opened, and SSL/TLS termination, DDoS protection, and other security features are handled automatically.

Use Cases

Development and Testing

Share development servers and staging environments with team members and clients while maintaining security through NetFoundry's zero-trust architecture.

Share development servers without VPN setup or firewall configuration
Expose staging environments for comprehensive QA testing
Enable remote debugging sessions for distributed development teams
Provide access to internal development tools and dashboards
Eliminate complex network configuration requirements
Maintain zero-trust security for all shared resources

API and Webhook Endpoints

Make APIs and microservices publicly accessible while securely receiving webhooks from external services without exposing internal network infrastructure.

Expose REST APIs, GraphQL endpoints, and microservices publicly
Receive webhooks from payment processors and CI/CD systems
Handle third-party integrations with secure backend connectivity
Share individual microservices for integration testing
Enable partner and external developer API testing
Avoid permanent network access or complex authentication setups

Collaboration and External Access

Provide secure temporary access to internal resources for external partners and enable cross-team collaboration without compromising network security.

Grant project-based access to contractors and consultants
Enable external partner access without network security compromise
Share development environments and testing systems across teams
Provide access to project-specific tools and resources
Streamline external partnerships and temporary access scenarios
Maintain full control through Share lifecycle management

Demo and Presentation

Showcase applications and prototypes to stakeholders with instant public access while maintaining control over demonstration environments.

Showcase applications to prospects, stakeholders, and investors
Create temporary demonstration environments for sales presentations
Enable customer pilots and product evaluations
Share prototypes and proof-of-concepts with instant access
Distribute beta versions and preview releases for user feedback
Control access duration and availability for all demonstrations

Production Service Exposure

Expose production services securely without traditional DMZ deployment while enabling zero-downtime deployments through encrypted tunnels.

Expose production web applications and customer portals
Provide customer and partner access to production APIs
Maintain security through encrypted tunnels and automatic SSL/TLS termination
Enable zero-downtime deployments with seamless traffic transition
Avoid traditional DMZ deployment requirements
Support direct production service access with full security

Monitoring and Health Check Endpoints

Share monitoring and health check services with external monitoring providers while keeping internal infrastructure secure.

Share dedicated monitoring endpoints and health check services
Provide access to application metrics and system health indicators
Enable external monitoring service integration
Share operational dashboards without VPN requirements
Allow third-party health and performance monitoring
Maintain security for internal monitoring infrastructure

Legacy System Integration

Modernize legacy applications by exposing them through Shares while maintaining existing infrastructure and compliance requirements.

Modernize legacy applications without infrastructure modifications
Enable cloud-based service integration with on-premises systems
Provide external access to mainframe applications and legacy databases
Support older systems that cannot be easily migrated to cloud
Maintain security and compliance requirements
Avoid firewall configuration changes for legacy systems

Security Considerations

Automatic Security Features

All traffic is protected with SSL/TLS encryption while DDoS protection operates at the edge to defend against attacks. Request filtering and validation ensure only legitimate traffic reaches your backend services, complemented by rate limiting and throttling mechanisms that prevent abuse and maintain service stability.

Access Control

While Shares create public endpoints, you should implement appropriate authentication and authorization in your backend services. NetFoundry Frontdoor provides the secure transport layer, but application-level security remains your responsibility.

Temporary Access

Shares can be created and destroyed as needed, making them ideal for temporary access scenarios. When you delete a Share, the public endpoint is immediately removed.

Best Practices

Naming Convention

Use descriptive names for your Shares that clearly identify the service and purpose:

api-production-v2
demo-customer-portal
staging-webhook-handler

Backend Health

Ensure your backend services are healthy and responsive before creating Shares. Monitor your backend performance as public traffic patterns may differ from internal usage. Health Checks can help you ensure your backend services are operating as expected.

Resource Management

Clean up unused Shares regularly to maintain a tidy environment while monitoring Share metrics to understand usage patterns and performance trends. Plan for appropriate scaling measures if your Share experiences high traffic volumes to ensure consistent service availability.

Security

Implement proper authentication mechanisms in your backend services and use HTTPS for backend communications whenever possible. Monitor access logs consistently for suspicious activity patterns and consider implementing rate limiting within your application to prevent abuse and maintain service quality.

Troubleshooting

Share Creation Failures When Share creation fails, verify that your Agent and Environment are active and properly connected to NetFoundry infrastructure. Confirm that the backend service URL is accessible from the Agent's location and check that the specified port and protocol match your service configuration.

Backend Service Unreachable If the public Share URL returns connection errors, ensure your backend service is running and responding on the configured endpoint. Verify that the Agent can reach your backend service by testing connectivity from the Agent's host system, and confirm that no local firewalls or security groups are blocking the connection.

SSL/TLS Certificate Issues For HTTPS backend services, verify that SSL certificates are valid and properly configured on your backend. Note that NetFoundry handles SSL termination at the edge, but backend SSL configuration can still affect connectivity depending on your service requirements.

Authentication Problems When authentication fails through Shares, confirm that your backend service authentication is configured correctly for public access patterns. Verify that authentication tokens, API keys, or session management work properly when accessed through the public Share URL rather than internal networks.

Performance Issues For slow Share response times, monitor your backend service performance and resource utilization. Check network latency between the Agent and backend service, and consider implementing Health Checks to monitor service availability and response times consistently.

Diagnostic Steps

Share Status Verification Check Share status through the management API to verify it's active and properly configured.

Backend Service Testing Test your backend service directly from the Agent's host system to isolate connectivity issues.

Network Connectivity Validation Verify that the Agent can communicate with both NetFoundry infrastructure and your backend services.

Log Analysis Review Agent logs and backend service logs for error messages and diagnostic information during Share access attempts.

Next Steps

Learn how to create and manage Shares using the API
Explore Frontends to understand how Shares integrate with custom domains
Review Health Checks to ensure your backend services remain healthy

What is a Share?​

How Shares Work​

Use Cases​

Development and Testing​

API and Webhook Endpoints​

Collaboration and External Access​

Demo and Presentation​

Production Service Exposure​

Monitoring and Health Check Endpoints​

Legacy System Integration​

Security Considerations​

Automatic Security Features​

Access Control​

Temporary Access​

Best Practices​

Naming Convention​

Backend Health​

Resource Management​

Security​

Troubleshooting​

Common Share Issues​

Diagnostic Steps​

Next Steps​

What is a Share?