Depending on whether or not you self-host your Tines tenant, command-over-HTTP connectivity requirements differ.
In addition to the below requirements, in both settings, connectivity from the command-over-HTTP container to internal systems will also be required to execute commands affecting those systems.
For self-hosted tenants
In this context, the command-over-HTTP container will require connectivity over port 443 to the Tines self-hosted environment.
For cloud tenants
In this context, we use Cloudflare Tunnels under the hood to manage connectivity.
For the container deployed on your infrastructure, no inbound connectivity is required. Outbound-only connections will be made with the following services from your infrastructure:
If using strict TLS/SSL inspection, exclude the above HTTPS traffic from the interception policy. Additionally, outbound traffic to cftunnel.com needs to be excluded.
For more information, see Cloudflare's documentation.