coder/docs/reference/cli/boundary.md

boundary

Network isolation tool for monitoring and restricting HTTP/HTTPS requests

Usage

coder boundary [flags] [args...]

Description

boundary creates an isolated network environment for target processes, intercepting HTTP/HTTPS traffic through a transparent proxy that enforces user-defined allow rules.

Options

--config

Type	yaml-config-path
Environment	$BOUNDARY_CONFIG

Path to YAML config file.

--allow

Type	string
Environment	$BOUNDARY_ALLOW

Allow rule (repeatable). These are merged with allowlist from config file. Format: "pattern" or "METHOD[,METHOD] pattern".

--

Type	string-array
YAML	allowlist

Allowlist rules from config file (YAML only).

--log-level

Type	string
Environment	$BOUNDARY_LOG_LEVEL
YAML	log_level
Default	warn

Set log level (error, warn, info, debug).

--log-dir

Type	string
Environment	$BOUNDARY_LOG_DIR
YAML	log_dir

Set a directory to write logs to rather than stderr.

--proxy-port

Type	int
Environment	$PROXY_PORT
YAML	proxy_port
Default	8080

Set a port for HTTP proxy.

--pprof

Type	bool
Environment	$BOUNDARY_PPROF
YAML	pprof_enabled

Enable pprof profiling server.

--pprof-port

Type	int
Environment	$BOUNDARY_PPROF_PORT
YAML	pprof_port
Default	6060

Set port for pprof profiling server.

--jail-type

Type	string
Environment	$BOUNDARY_JAIL_TYPE
YAML	jail_type
Default	nsjail

Jail type to use for network isolation. Options: nsjail (default), landjail.

--use-real-dns

Type	bool
Environment	$BOUNDARY_USE_REAL_DNS
YAML	use_real_dns

Use real DNS in the jail instead of the dummy DNS (allows DNS exfiltration). Default: false.

--disable-audit-logs

Type	bool
Environment	$DISABLE_AUDIT_LOGS
YAML	disable_audit_logs

Disable sending of audit logs to the workspace agent when set to true.

--log-proxy-socket-path

Type	string
Environment	$CODER_AGENT_BOUNDARY_LOG_PROXY_SOCKET_PATH
Default	/tmp/boundary-audit.sock

Path to the socket where the boundary log proxy server listens for audit logs.

--version

Type	bool

Print version information and exit.