Depending on whether or not you self-host your Tines tenant, command-over-HTTP connectivity requirements differ.
In addition to the below requirements, in both settings, connectivity from the command-over-HTTP container to internal systems will also be required to execute commands affecting those systems.
In this context, the command-over-HTTP container will require connectivity over port 443 to the Tines self-hosted environment.
In this context, we use Cloudflare Tunnels under the hood to manage connectivity.
For the container deployed on your infrastructure, no inbound connectivity is required. Outbound-only connections will be made with the following services from your infrastructure:
If using strict TLS/SSL inspection, exclude the above HTTPS traffic from the interception policy. Additionally, outbound traffic to cftunnel.com needs to be excluded.
For more information, see Cloudflare's documentation.