Accessing Public Services

Internet-facing resources (public load balancers, publicly accessible databases, CloudFront distributions) publish ports to the Docker host. You can access them from your machine using simfra.local or localhost.

Prerequisites

• SIMFRA_DOCKER=true is set
• Add 127.0.0.1 simfra.local to /etc/hosts (see Host DNS Setup)
• For HTTPS resources, import the Simfra root CA (see CA Trust Setup)

Finding the Assigned Port

Each public resource gets a host port from its service's port range. There are three ways to find which port was assigned.

From API responses

Most services include the port in their response. The DNS name or endpoint in the response resolves to the host with the correct port:

# ELBv2: DNSName includes the port
aws elbv2 describe-load-balancers --query 'LoadBalancers[0].DNSName'
# → "my-alb-123456.elb.us-east-1.simfra.dev:10200"

# RDS: Endpoint includes host and port
aws rds describe-db-instances --query 'DBInstances[0].Endpoint'
# → {"Address": "mydb.abc123.us-east-1.rds.simfra.dev", "Port": 10400}

# CloudFront: DomainName includes the port
aws cloudfront get-distribution --id E1ABC --query 'Distribution.DomainName'
# → "d111111abcdef8.cloudfront.simfra.dev:10800"

From the admin API

List all Docker-managed containers and their port mappings:

curl http://localhost:4599/_simfra/docker/containers

From the web console

The Docker panel in the web console shows all running containers with their published ports.

Examples

Browse a load balancer

# HTTP
curl http://simfra.local:10200/

# HTTPS (requires CA trust)
curl https://simfra.local:10201/

Or open https://simfra.local:10201/ in your browser after importing the Simfra root CA.

Connect to a public RDS instance

# PostgreSQL
psql -h simfra.local -p 10400 -U admin mydb

# MySQL
mysql -h simfra.local -P 10401 -u admin -p mydb

Curl a CloudFront distribution

curl http://simfra.local:10800/index.html

Connect to a public Redshift cluster

psql -h simfra.local -p 11000 -U admin mywarehouse

Connect to an Amazon MQ broker

# RabbitMQ management UI
open http://simfra.local:11200/

# ActiveMQ console
open http://simfra.local:11201/admin

Port Ranges by Service

Each service has a configurable port range. See Port Ranges for the full table and customization options.

HTTPS and TLS

Many services expose HTTPS endpoints (ELBv2, CloudFront, API Gateway). These use TLS certificates signed by the Simfra root CA. Your host must trust this CA for HTTPS to work without certificate errors.

See CA Trust Setup for instructions on importing the root CA on macOS, Linux, Windows, and specific browsers.

Next Steps

• CA Trust Setup - import the Simfra root CA for HTTPS access
• Accessing Private Services - reach VPC-only resources via port forwarding or CloudShell
• Host DNS Setup - resolve Simfra service DNS names from your host