How EpochProxy Works
A simple relay architecture that provides secure access without exposing ports. Understand the security model and see how easy it is to get started.
Architecture Overview
┌─────────────────────────────────────────────────────────────────┐
│                       YOUR INFRASTRUCTURE                       │
│                                                                 │
│    ┌─────────────┐     ┌─────────────┐     ┌─────────────┐      │
│    │ epoch-agent │     │ epoch-agent │     │ epoch-agent │      │
│    │  (EC2 #1)   │     │  (EC2 #2)   │     │  (on-prem)  │      │
│    └──────┬──────┘     └──────┬──────┘     └──────┬──────┘      │
│           │ outbound          │                   │             │
│           │ WebSocket         │                   │             │
└───────────┼───────────────────┼───────────────────┼─────────────┘
            │                   │                   │
            └───────────────────┼───────────────────┘
                                │
                                ▼
               ┌─────────────────────────────────┐
               │           EPOCH RELAY           │
               │   (WebSocket Connection Hub)    │
               │                                 │
               │  • Bridges agents and clients   │
               │  • TLS encrypted connections    │
               │  • No data stored               │
               └────────────────┬────────────────┘
                                │
                                ▼
               ┌─────────────────────────────────┐
               │            EPOCH API            │
               │   (Management & Auth Server)    │
               │                                 │
               │  • Authentication (JWT, IAM)    │
               │  • Authorization policies       │
               │  • Audit logging                │
               │  • Usage tracking & billing     │
               └────────────────┬────────────────┘
                                │
             ┌──────────────────┴──────────────────┐
             │                                     │
             ▼                                     ▼
  ┌─────────────────────┐               ┌─────────────────────┐
  │      EPOCH CLI      │               │    WEB DASHBOARD    │
  │    (Developers)     │               │      (Admins)       │
  └─────────────────────┘               └─────────────────────┘
epoch-agent
Lightweight daemon that runs on your servers. Connects outbound to the relay and handles terminal sessions and command execution.
- Single binary, easy to install
- Auto-reconnects on network issues
- Minimal resource usage
epoch-relay
WebSocket hub that bridges connections between agents and clients. Stateless—doesn't store any data, just routes traffic.
- Horizontally scalable
- TLS encrypted connections
- Sub-millisecond latency
epoch-api
Management server handling authentication, authorization, audit logging, and billing. The brain of the system.
- JWT and AWS IAM authentication
- Role-based access policies
- Usage tracking and billing
CLI & Dashboard
User interfaces for connecting to agents, running commands, and managing your infrastructure.
- Simple CLI commands
- Web-based terminal
- Admin dashboard
Security Model
Zero Exposed Ports
Agents only create outbound connections. No SSH port 22, no VPN ports, no attack surface. Your servers remain invisible to port scanners.
End-to-End Encryption
All traffic is encrypted with TLS 1.3. The relay sees encrypted data but cannot read it. Perfect forward secrecy ensures past sessions stay secure.
Identity-Based Access
No shared credentials or SSH keys. Users authenticate with their identity (email, OAuth, or AWS IAM). Every action is tied to a specific user for auditing.
Policy-Based Authorization
Fine-grained policies control who can access which agents. Define rules by user, role, agent tag, time of day, or source IP.
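One way to evaluate rules of the kind described above (user, role, agent tag, time of day, source IP), as an added example that is not EpochProxy's own code or policy format. The Rule and Request shapes, the sample rules and the addresses are constructed for illustration; the evaluator denies by default and handles time windows that wrap past midnight.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    # Hypothetical rule shape (not EpochProxy's format); an empty field means "any".
    users: frozenset = frozenset()
    roles: frozenset = frozenset()
    agent_tags: frozenset = frozenset()  # agent must carry every listed tag
    start: time = time.min               # allowed window, UTC
    end: time = time.max
    source_cidrs: tuple = ()

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    agent_tags: frozenset
    at: time
    source_ip: str

def in_window(now, start, end):
    # A window such as 22:00-06:00 wraps past midnight.
    return start <= now <= end if start <= end else now >= start or now <= end

def rule_allows(rule, req):
    if rule.users and req.user not in rule.users:
        return False
    if rule.roles and not (rule.roles & req.roles):
        return False
    if not rule.agent_tags <= req.agent_tags:
        return False
    if not in_window(req.at, rule.start, rule.end):
        return False
    if rule.source_cidrs:
        return any(ip_address(req.source_ip) in ip_network(c) for c in rule.source_cidrs)
    return True

def is_allowed(rules, req):
    # Deny by default: some rule must match on every attribute it sets.
    return any(rule_allows(r, req) for r in rules)

# Constructed sample policy: SREs reach prod agents overnight from one office range.
SAMPLE_RULES = [
    Rule(roles=frozenset({"sre"}), agent_tags=frozenset({"prod"}),
         start=time(22, 0), end=time(6, 0), source_cidrs=("203.0.113.0/24",)),
    Rule(users=frozenset({"dev@example.com"}), agent_tags=frozenset({"staging"})),
]
```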
Getting Started
Create an account
Sign up at app.epochproxy.cloud. Start free with the Usage plan.
docker-compose up -d
Install the agent
Run a single command on your server to install and register the agent.
$ epoch-agent register --code YOUR_CODE
Connect
Use the CLI or web dashboard to connect to your agent.
$ epoch connect my-server
# You're in! Secure terminal session started.