Skip to main content

CLI Proxy

Making Connections from the CLI Proxy

The command oblv connect does following:

  • Performs an enclave health check.
  • Attests the service that is running.
  • Starts the HTTP reverse proxy to the enclave.

You can run the connect command as follows:

oblv connect --config <config file>\
    --url <url for the enclave>
    --local-port <local port for the revers proxy>

Here's an example of of what a connection will look like:

Make the Connection
oblv connect --config config.yaml\
    --url https://your-enclave.com\
    --local-port 3033
Output to the Terminal/Logs
[2024-04-29 10:14:08] INFO [oblv_cli_lib]: ✅ obtained the configuration for oblv cli                                                                                                                                                 [0/154]
[2024-04-29 10:14:08] INFO [lib_ccli]: ✅ parsed the enclave url successfully                                                                                                                                                                
[2024-04-29 10:14:08] INFO [lib_ccli]: ✅ the enclave is healthy
[2024-04-29 10:14:09] INFO [lib_ccli]: ✅ obtained the attestation document from the enclave
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: using PCR_server: http://localhost:8000/pcrs
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ✅ found PCR codes for the oblv_version: 0.1.0
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ==> Validating PCR Codes
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ---> ✅ PCR0 validated successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ---> ✅ PCR1 validated successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ---> ✅ PCR2 validated successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ✅ PCR codes validated successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: Extracting SSL certificate
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ✅ SSL certificate extracted
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: Extracting the thumbprint and server name
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: parsing the cert chain
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ✅ Extracted the server name and tls thumbprint successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: Validating the tls certificate with the thumbprint
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ✅ TLS certificate validated successfully with the tls thumbprint
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: Using this certificate for the communication with the enclave
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: Validating the manifest Hash
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ✅ Calculated the hash for the manifest
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: Validating the manifest hash
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ✅ Manifest hash validated successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: Validating the container digests
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ==> nginx:1.25.3
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: --->✅ validated container digest successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ==> public.ecr.aws/oblivious-ai/oblv-sample-fastapi:latest
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: --->✅ validated container digest successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ✅ Container digests validated successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: Validating the plugins
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ==> auth-plugin
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: --->✅ validated container digest successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ---> Validating the config
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ----> config.yaml
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ----> rules.json
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: --->✅ Validated the plugin config successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ==> telemetry-plugin
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: --->✅ validated container digest successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ---> Validating the config
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ----> config.yaml
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: --->✅ Validated the plugin config successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ==> fluentbit-logging
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: --->✅ validated container digest successfully
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ---> Validating the config
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: ----> fluent-bit.yaml
[2024-04-29 10:14:09] INFO [lib_ccli::attestation]: --->✅ Validated the plugin config successfully
[2024-04-29 10:14:09] INFO [lib_ccli]: ✅ Enclave attestated successfully.
[2024-04-29 10:14:09] INFO [oblv_cli_lib]: Connecting to the enclave: ip-XXXX-XXXX-XXXX
[2024-04-29 10:14:09] INFO [oblv_cli_lib]: ✅ Starting proxy server on localhost:3030...
[2024-04-29 10:14:09] INFO [warp::server]: Server::run; addr=127.0.0.1:3030
[2024-04-29 10:14:09] INFO [warp::server]: listening on http://127.0.0.1:3030