Reflect Docs
Private Environments
Reflect supports multiple ways to test non-public web applications.
Using a Static IP
Some QA or staging environments may be restricted to only allow visitors coming from a specific IP address or set of IPs. By default, Reflect assigns IP addresses to its cloud browsers from a range of dynamic IPs, which means they will not be able to access an IP-restricted environment. To support testing these environments, Reflect can provision a static IP address for your account. This forces all cloud browsers (i.e., recordings and test runs) to egress from Reflect with the same IP address. You can then add this IP address to the list of “allowed” IP addresses in your environment’s network ACL.
Reflect Agent
In some cases, a web application is not publicly-accessible at all and is only available within a private network (i.e., private IP only). Reflect supports testing such non-public web applications through the use of the Reflect Agent.
The agent is a networked daemon that runs as a Docker container on a host within your private network. The agent registers with the Reflect API and establishes an encrypted Wireguard connection to your Reflect cloud browsers. Recordings and test runs then route their traffic through the secure tunnel and egress into your private network where they can access private web applications.
The agent typically runs on a host with a restricted network ACL itself so that the only traffic allowed is between the agent and Reflect. Additionally, the agent requires the Linux host machine to use kernel version 5.6 or beyond because it relies on the Wireguard module from the host’s networking stack.
The Reflect Agent source code is open-source and available on GitHub: runreflect/agent.
