When your models or MCP servers run inside a private network — a VPC, on-prem cluster, or any environment unreachable from the public internet — the SaaS gateway needs a network path to reach them. This page describes the supported ways to set up that path, along with the trade-offs of each.
Choose an approach
| Option | What it does | Best for | Plan |
|---|---|---|---|
| Reverse Tunnel Agent | A small agent inside your network opens an outbound-only tunnel that the gateway uses to reach your private services. | Fast to set up. Works in any environment that can make outbound HTTPS. | Enterprise |
| Self-Host the Gateway | Run the gateway plane inside your own infrastructure so it has direct network access to your services. | Zero cross-network traffic and full data residency control. | Enterprise |
Option 1: Reverse Tunnel Agent
Instead of exposing your model or MCP server publicly, you run a cloudflared agent inside your network. The agent opens an outbound-only tunnel to a Truefoundry-managed domain dedicated to your tenant. The gateway then reaches your private services through that tunnel — no inbound firewall ports need to be opened.
This option is available on enterprise plans. Contact the Truefoundry team to enable it for your tenant.
How it works
Two components run inside your network:
- cloudflared agent — The tunnel client. It initiates outbound-only connections to Cloudflare’s edge and carries encrypted traffic from the gateway back to your private services.
- Caddy internal router — Truefoundry’s routing component. It receives traffic arriving through the tunnel and forwards each request to the correct upstream service based on the URL.
For example, a service at http://my-mcp-server.internal:8080/sse inside your VPC becomes reachable at:
Request flow

Setup
Request a tunnel
Contact the Truefoundry team to provision a new tunnel for your tenant. You will receive:
- public_domain — Your tenant’s public domain, e.g., <tenant-name>.private-endpoints.truefoundry.ai.
- auth_token — The token used to run cloudflared in your environment.
Deploy the tunnel stack
Run cloudflared and the Caddy internal router inside your network using the auth_token. Deployment options:
- VM
- Kubernetes (Helm)
Register your service in the gateway
Once the tunnel is active, your private services are reachable at:
Use this URL as the endpoint when registering the model or MCP server in the gateway. For MCP servers, see Getting started with MCP servers.
Security
- No inbound exposure. All traffic from the gateway to your services travels over the encrypted outbound tunnel. No inbound ports are opened on your network.
- Gateway-only access to the tunnel. Each tenant’s tunnel endpoint is locked down to the Truefoundry gateway’s IP addresses, so requests from any other source are rejected — even if they know the private endpoint URL.
- Tenant isolation. MCP server URLs can only be registered if they begin with your tenant’s private endpoint domain (<tenant-name>.private-endpoints.truefoundry.ai), which prevents cross-tenant SSRF. Access is further restricted by a tenant-specific secret token.
- Protect the auth_token. Treat it as a high-value secret — store it in Kubernetes Secrets or a dedicated secrets manager. If an attacker obtains it, they can impersonate your tunnel. Contact the Truefoundry team immediately if you suspect it has been compromised.
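The tenant-isolation rule above (only URLs on your own private endpoint domain may be registered) is the kind of allowlist check that is easy to get subtly wrong if it is done as a string prefix match on the raw URL. The following is an added example, not Truefoundry's own code, showing how such a check can be implemented on the parsed host instead; the tenant name `acme` and the function name are assumptions.

```python
from urllib.parse import urlsplit

# Constructed tenant domain for this example; in practice this is the
# public_domain handed out when the tunnel is provisioned.
TENANT_DOMAIN = "acme.private-endpoints.truefoundry.ai"


def is_tenant_private_endpoint(url: str, tenant_domain: str = TENANT_DOMAIN) -> bool:
    """Return True only if `url` points at this tenant's private endpoint host.

    The URL is parsed and its host component compared exactly, so that
    look-alike hosts, userinfo tricks, wrong schemes and odd ports are all
    rejected rather than slipping past a "starts with the domain" test.
    """
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises ValueError on a bad port
    except ValueError:
        return False
    if parts.scheme != "https" or host is None:
        return False  # tunnel endpoints are served over TLS only
    if parts.username is not None or parts.password is not None:
        return False  # "https://<tenant-domain>@other-host/..." style URLs
    if port not in (None, 443):
        return False
    # Exact host match: a raw-string prefix check would also accept
    # "acme.private-endpoints.truefoundry.ai.other-host.example".
    return host == tenant_domain.lower()


if __name__ == "__main__":
    # Constructed candidate URLs, as an operator might submit during registration.
    for candidate in [
        "https://acme.private-endpoints.truefoundry.ai/mcp/sse",
        "https://acme.private-endpoints.truefoundry.ai.other-host.example/sse",
        "https://acme.private-endpoints.truefoundry.ai@other-host.example/sse",
        "https://other-tenant.private-endpoints.truefoundry.ai/sse",
        "http://acme.private-endpoints.truefoundry.ai/sse",
    ]:
        print("accept" if is_tenant_private_endpoint(candidate) else "reject", candidate)
```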