Following diagram explains how the requests and responses flows through various layers to the system.
- Actor (user or service) sends the request to hosted service using the url shown on the Tunnel Relay. Azure Relay relay (backed by Service Bus) receives this request.
- Azure Relay then checks for the listeners to the specific relay. The listener in this case is Tunnel Relay application running on developer machine.
- Request is sent to Tunnel Relay.
- Tunnel Relay receives the request and does the necessary processing (you can read up more about this in Plugin Management) and forwards the request to hosted service.
- Hosted service then does the necessary processing and returns a response this is then forward to the caller down the same pipeline.
Q. Are requests to Tunnel Relay secure?
A. Endpoint exposed by Tunnel Relay is always an HTTPs url and hence secured by end to end encryption. Requests between Azure Relay and Tunnel Relay are also secure. Tunnel Relay to Hosted service the calls can be made over HTTP or HTTPs. Tunnel Relay does not check for certificate validity for the hosted services as most developers don't usually have SSL certificates for local development.
Q. What protocols does Tunnel Relay support for hosted services?
A. Tunnel Relay supports both HTTP and HTTPs for hosted services. Endpoint exposed by Tunnel relay is always HTTPs though.