Normally, Flood's grid nodes are only able to apply load on web-based applications that are publicly accessible from the internet. With a little setup, however, you can run floods against applications that are based behind a firewall.

In essence, Aqueduct SSL is a way to re-route load from Flood's grid nodes on the cloud through your local machine and to your application servers. In this guide, we'll show you how to set this up. Alternatively, we also have a video guide if you'd prefer.

Here are the main steps for setting up Aqueduct:

  1. Make sure the internal application is running and accessible.
  2. Install Aqueduct.
  3. Link Aqueduct to your Flood account.
  4. Create a tunnel.
  5. Create a grid in the same region as your tunnel.
  6. Create a .hosts file for the grid node.
  7. Write your load testing script.
  8. Run your test on Flood.

We'll go over each of these steps in detail:

Make sure the internal application is running and accessible.

First, you'll need an internal app to test against. If you don't already have one, follow these instructions to set up a sample app on your local machine.

To test that your app is set up and that your local machine can access it, run this command from your terminal:

curl -k https://www.ecorp.dev

I'm using the URL of my sample app here and in the rest of this article, but replace the URL with your app's URL as needed.

Install Aqueduct.

Follow these instructions to install Aqueduct.

Test that Aqueduct is set up by running this command from your terminal:

aqueduct version

You should get back something like this:

╤╤ flood aqueduct ╤╤ : version

version : stable
commit  : 4d619d7
built   : 2019-02-19T02:25:52Z

Link Aqueduct to your Flood account.

Log into your Flood account and go to API Access. Click on Reveal token and copy the token. It will look something like this:

accces_token=flood_live_a21a7c847cda89bb475883721247588900912388aa

From your terminal, run this command:

aqueduct configure

This will prompt you for your Flood token. Paste the token you copied from Flood here and hit Enter.

You'll then be asked for select the default AWS region of the tunnel. This is important because the tunnel needs to be in the same region as your grid nodes. Use the keyboard arrows to make your choice and then hit Enter.

Create a tunnel.

Run the command

aqueduct --target https://www.ecorp.dev

to create a new tunnel.

PLEASE NOTE: While the Aqueduct Docker image is public you may still be required to be logged in to DockerHub via your CLI in order to retrieve the client image as part of the above command. This seems to be a known bug with Docker itself. If you have an expired DockerHub authentication token this step may fail and will require you to do a docker logout  and subsequent docker login to re-authenticate.

This may take a few minutes as the new tunnel is created in AWS. You should get this output:

╤ flood aqueduct ╤╤ : run

Target mappings:
+-----------------------+-------------------+------+
|       --TARGET        |     HOST:PORT     | SSL? |
+-----------------------+-------------------+------+
| https://www.ecorp.dev | www.ecorp.dev:443 | true |
+-----------------------+-------------------+------+
==> Preparing tunnel
  - New tunnel requested
  - region  : eu-west-3
  - duration: 1h0m0s
--> Tunnel UUID: yKBNfuCd3qk
  - Waiting for tunnel server to start
 [√] Tunnel started
  - Querying tunnel name and DNS
  - Copying tunnel certificates

==> Starting tunnel client
  - Waiting for client to start
[√] Started aqueduct with container id: 98a8dcec

==> Checking client container is up & stable for 10s
[√] Container is up

Create a grid in the same region as your tunnel.

Now that your tunnel is running, launch a grid on Flood. Note that the grid must be in the same region as the tunnel.

Create a .hosts file for the grid node.

Now we need to create a .hosts file so that the Flood grid node will know how to resolve https:///www.ecorp.dev .

We want to tell the grid node to direct traffic to https://www.ecorp.dev to the tunnel we've just created, so we need to get the tunnel's IP address.

Run this command

aqueduct status

and you should see something like this:

╤╤ flood aqueduct ╤╤ : status

Aqueduct client container status:
Aqueduct client container not running

Available tunnels:
+---+-------------+-------------------------+---------+---------------+------------+---------------------+
|   |    UUID     |          NAME           | STATUS  |  LOCAL IPV4   | AWS REGION | TIME UNTIL SHUTDOWN |
+---+-------------+-------------------------+---------+---------------+------------+---------------------+
| 1 | 5Tslh8iMR9g | nearby-road-5Tslh8iMR9g | started | 172.31.47.122 | eu-west-3  | 51m2s               |
+---+-------------+-------------------------+---------+---------------+------------+---------------------+

Then create a new text file with this line:

address=/www.ecorp.dev/172.31.47.122

where the IP address used is the one that was output for your tunnel by the aqueduct status  command.

Save that text file as .hosts .

Write your load testing script.

To save you some time, download our sample script from JMeter here. The important thing here is that you use the http protocol (not httpS) in the request and leave the port number blank so that it uses the default port 80.

Run your test on Flood.

Now for the last step. Start a new flood and upload both your test script and the .hosts file that you created to Flood. Check out our Step-by-Step guides for each tool that we support. Select the grid that you started and start the test!

Congratulations, you've just tested your internal app with Flood!

For more information, check out these resources:

aqueduct.flood.io
Our blog post on Aqueduct

Did this answer your question?