Private Environments

Reflect Supports multiple ways to test non-public web applications.

Reflect Tunnel

Our recommended method for testing local and private environments is to use the Reflect Tunnel, a desktop application that can be installed on your local machine or in your company’s infrastructure. The Reflect Tunnel registers with the Reflect API and establishes a secure, encrypted connection to the cloud test infrastructure. When the Reflect Tunnel is enabled, all web requests initiated in a Reflect test are proxied through the Tunnel, allowing your Reflect tests to access local or private environments accessible to the machine on which the Reflect Tunnel is running.

Installation

The Reflect Tunnel is a native, cross-platform application that can be run on Windows, macOS, or Linux. This feature is available to all Reflect accounts, regardless of usage tier.

The Reflect Tunnel can be downloaded by using our Downloads page.

Windows and macOS

On Windows and macOS devices, the Reflect Tunnel runs as a system tray application. After installing and running the Reflect Tunnel application, the application will reside in the system tray by using the icon shown below:

macOS

RE_Screenshot_Tunnel1.jpg

Windows

RE_Screenshot_Tunnel2.jpg

Troubleshooting the missing Reflect Tunnel icon in the system tray

If the Reflect Tunnel icon does not appear on your Windows machine's system tray, this issue may be caused by the system firewall settings. To resolve this, ensure that Reflect Tunnel is permitted through the firewall on all network types: Domain, Private, and Public.

Perform the following steps to verify that Reflect Tunnel is allowed through the firewall:

  1. Open the Control Panel and click System and Security.

  2. Click Windows Defender Firewall.

  3. In the Windows Defender Firewall left navigation pane, click Allow an app or feature through Windows Defender Firewall.

  4. Select the "the reflect_tunnel.exe" checkbox from the Allowed apps and feature list, and ensure that the Domain, Private, and Public checkboxes are selected.

    Note

    If Reflect Tunnel is not listed under the apps and feature list, click Allow another app to manually add it.

    After updating the firewall settings, restart your system and relaunch Reflect Tunnel to ensure the icon appears in the system tray.

LINUX

The Linux version of the Reflect Tunnel is a binary executable that can be run by using the command-line or configured to run as a daemon process (For example, by using systemd):

./reflect_tunnel -settings <location-of-settings-file>

Starting the Tunnel

For the Reflect Tunnel to act as a proxy for your Reflect tests, you must associate the Tunnel with your Reflect account. This is done by entering your Reflect API key into the Reflect Tunnel settings.

Your Reflect API key can be found on the Account Information page in the Settings section Reflect. This is the same API key used when invoking the Reflect API directly or using one of our CI/CD integrations. If you have not already generated an API Key for your Reflect account, you can use the button on this page.

Windows and MacOS

To link your Reflect Tunnel to your account, click the icon in the system tray/menu bar and select the ‘Settings’ option:

RE_Screenshot_Tunnel3.jpg

This menu option will open a web browser to the Settings view for your Reflect Tunnel:

RE_Screenshot_Tunnel4.jpg

The Settings view has the following configuration options:

  • Device Name: This is the name that will be associated with your Tunnel, and it is the name that will appear when you choose a Tunnel when creating or running tests Reflect. By default, this will be set to the device name of your computer.

  • API Key: This is the linkage between your Tunnel and your Reflect Account. This must match the API Key associated with your Reflect Account.

To connect the Tunnel, click the ‘Enable Reflect Tunnel’ toggle. If the Tunnel connects successfully, you’ll see that the toggle is enabled a lot. Aine will appear, stating that the Tunnel is connected. The tray icon will be updated to indicate that the tunnel is connected.

LINUX

To start the Tunnel, you’ll first need to create a JSON file that looks like the following:

{
  "deviceName": "Your Tunnel Name",
  "apiKey": "your-api-key"
}

Pass the location of the settings file to the reflect_tunnel application as a command-line argument:

./reflect_tunnel -settings <location-of-settings-file>

When running the command-line application, the tunnel will attempt to connect using the API Key provided in the settings JSON file. If the connection is established successfully, you will see a log line indicating that the connection is successful.

Creating Tests using the Tunnel

When creating a test in Reflect, the option to route all traffic by using a Tunnel is presented by using a dropdown to the right of the ‘Starting URL’ field:

RE_Screenshot_Tunnel5.jpg

This option is also available when running automated tests directly from Zephyr:

RE_Screenshot_Tunnel6.jpg

Running Tests using the Tunnel

Running individual tests

When running a test, you also have the option to choose whether to route all traffic from that test run to a Tunnel.

When running an individual test, you can choose to route traffic through a Tunnel by clicking the dropdown in the bottom-left of the Run Test modal and selecting your desired Tunnel:

RE_Screenshot_Tunnel7.jpg

Running a suite of tests

To run all tests in a test suite by using a Tunnel, first select the Suite and click the ‘Define Environment Settings’ box in the Workflow settings of the Suite. In the sidebar, choose the Tunnel that you’d like all future executions of this Suite to use:

RE_Screenshot_Tunnel8.jpg

If you invoke a test suite directly using the UI, you’ll also see this same Tunnel option in the Run Suite modal.

Running tests using Zephyr

Finally, when running tests by using Zephyra Tunnel, you can choose to run your tests by using a Tunnel by selecting the dropdown next to the ‘Starting URL’ field in the Test Script tab of an individual test case, or the dropdown next to the ‘Browser’ field when running tests from the Test Cycle player:

RE_Screenshot_Tunnel9.jpg

Configuring access

The list of all Tunnels connected to your Reflect Account is viewable by navigating to the Settings section and clicking the ‘Local / Private Environments’ section from the sidebar:

RE_Screenshot_Tunnel10.jpg

From this view, administrators can also disable the Reflect Tunnel feature for your Reflect account by turning off the toggle next to the ‘Reflect Tunnel’ heading and clicking ‘Save Changes’.

Using a Static IP

An alternative approach to testing private environments is enabling your account's Static IP feature. Some QA or staging environments may be restricted to only allow visitors from a specific IP address or set of IPs. By default, Reflect it assigns IP addresses to its cloud browsers from a range of dynamic IPs, which means they cannot access an IP-restricted environment. To support testing these environments, Reflect you can provide a static IP address for your account. This forces all cloud browsers (i.e., recordings and test runs) to egress from Reflect the same IP address. You can then add this IP address to the list of “allowed” IP addresses in your environment’s network ACL.

Note

Provisioning a static IP for your account is charged as an add-on to your subscription. For more information or to see a demo, please contact us at .

In this section:
© 2025
Publication date: