Tunnel Commands
The doover tunnel command group manages remote access tunnels to devices on the Doover platform. Tunnels provide secure connections to services running on edge devices (SSH, HTTP, RTSP, etc.) without requiring direct network access.
Tunnels can be managed at the top level (doover tunnel) or scoped to a specific device (doover device tunnels).
Top-Level Tunnel Commands
Listing Tunnels
doover tunnel list
Lists all tunnels across all devices.
| Option | Description |
|---|---|
--search | Full-text search |
--ordering | Sort expression |
--page / --per-page | Pagination |
--profile | Authentication profile |
Getting Tunnel Details
doover tunnel get <tunnel-id-or-name>
Creating a Tunnel
doover tunnel create
The create command accepts options matching the tunnel model fields, which are dynamically generated from the platform API.
Deleting a Tunnel
doover tunnel delete my-tunnel doover tunnel delete my-tunnel --yes # Skip confirmation
Activating and Deactivating
doover tunnel activate my-tunnel doover tunnel deactivate my-tunnel
Activating a tunnel establishes the remote connection. Deactivating tears it down. The tunnel configuration is preserved in both cases.
Device-Scoped Tunnel Commands
When managing tunnels on a specific device, use doover device tunnels:
List Tunnels on a Device
doover device tunnels list my-device
Get a Tunnel on a Device
doover device tunnels get my-device my-tunnel
Create a Tunnel on a Device
doover device tunnels create my-device \ --name ssh \ --hostname localhost \ --port 22 \ --protocol tcp
Required Options
| Option | Description |
|---|---|
--name | Tunnel name |
--hostname | Target hostname on the device |
--port | Target port on the device |
--protocol | Connection protocol: tcp, rtsp, http, or https |
Optional Settings
| Option | Default | Description |
|---|---|---|
--username | — | Authentication username |
--password | — | Authentication password |
--timeout | — | Tunnel timeout in seconds |
--ip-restricted / --no-ip-restricted | — | Restrict access by IP |
--disable-tls-verification / --verify-tls | — | TLS verification for HTTPS tunnels |
--favourite / --no-favourite | — | Mark as favourite |
Update a Tunnel
doover device tunnels update my-device my-tunnel --port 2222
The --protocol and device cannot be changed after tunnel creation. To change the protocol, delete the tunnel and create a new one.
Delete, Activate, Deactivate
doover device tunnels delete my-device my-tunnel doover device tunnels activate my-device my-tunnel doover device tunnels deactivate my-device my-tunnel
Example: SSH Tunnel to a Doovit
Create and activate an SSH tunnel to a device:
# Create the tunnel doover device tunnels create doovit-01 \ --name ssh-access \ --hostname localhost \ --port 22 \ --protocol tcp # Activate it doover device tunnels activate doovit-01 ssh-access
Once activated, the platform provides a connection URL that you can use to SSH into the device through the Doover tunnel.
Related Pages
- Device Management -- managing devices and device types
- Doover CLI Overview -- global options and command groups