boundary
Network isolation tool for monitoring and restricting HTTP/HTTPS requests
Usage
coder boundary [flags] [args...]
Description
boundary creates an isolated network environment for target processes, intercepting HTTP/HTTPS traffic through a transparent proxy that enforces user-defined allow rules.
Options
--config
| Type | yaml-config-path |
| Environment | $BOUNDARY_CONFIG |
Path to YAML config file.
--allow
| Type | string |
| Environment | $BOUNDARY_ALLOW |
Allow rule (repeatable). These are merged with allowlist from config file. Format: "pattern" or "METHOD[,METHOD] pattern".
--
| Type | string-array |
| YAML | allowlist |
Allowlist rules from config file (YAML only).
--log-level
| Type | string |
| Environment | $BOUNDARY_LOG_LEVEL |
| YAML | log_level |
| Default | warn |
Set log level (error, warn, info, debug).
--log-dir
| Type | string |
| Environment | $BOUNDARY_LOG_DIR |
| YAML | log_dir |
Set a directory to write logs to rather than stderr.
--proxy-port
| Type | int |
| Environment | $PROXY_PORT |
| YAML | proxy_port |
| Default | 8080 |
Set a port for HTTP proxy.
--pprof
| Type | bool |
| Environment | $BOUNDARY_PPROF |
| YAML | pprof_enabled |
Enable pprof profiling server.
--pprof-port
| Type | int |
| Environment | $BOUNDARY_PPROF_PORT |
| YAML | pprof_port |
| Default | 6060 |
Set port for pprof profiling server.
--configure-dns-for-local-stub-resolver
| Type | bool |
| Environment | $BOUNDARY_CONFIGURE_DNS_FOR_LOCAL_STUB_RESOLVER |
| YAML | configure_dns_for_local_stub_resolver |
Configure DNS for local stub resolver (e.g., systemd-resolved). Only needed when /etc/resolv.conf contains nameserver 127.0.0.53.
--jail-type
| Type | string |
| Environment | $BOUNDARY_JAIL_TYPE |
| YAML | jail_type |
| Default | nsjail |
Jail type to use for network isolation. Options: nsjail (default), landjail.
--disable-audit-logs
| Type | bool |
| Environment | $DISABLE_AUDIT_LOGS |
| YAML | disable_audit_logs |
Disable sending of audit logs to the workspace agent when set to true.
--log-proxy-socket-path
| Type | string |
| Environment | $CODER_AGENT_BOUNDARY_LOG_PROXY_SOCKET_PATH |
| Default | /tmp/boundary-audit.sock |
Path to the socket where the boundary log proxy server listens for audit logs.
--version
| Type | bool |
Print version information and exit.