Thanks for getting in touch!
Firstly, sorry for the delay in getting back to you on this one, I was off sick most of last week and I forgot to pass this one along.
This is actually a question that we have wrestled with over time, so much so that we even spec’d out a possible solution scenario when we first where designing workers back in 2017 - we termed that concept Edge Nodes. Unfortunately any further work on this concept has been parked behind some other features that we consider higher priority, so we haven’t progressed here.
In the meantime, while Workers are able to be behind a proxy (see
listening Tentacle on our proxy support page), unfortunately I don’t think this will work in the manner that you need it to. Our workers documentation page outlines what a worker can do quite nicely, the main gap that most people run into is that a worker can’t push packages to a Tentacle, or pass any execution tasks to a Tentacle. That all still needs to happen with a connection from your Octopus Server to a Tentacle directly, you can’t go via a worker here.
Having said that, if your main deployment workload could be broken down into executing scripts (with attached packages) then a worker may be suitable.
The easiest way to think about this is that if your task is self contained (i.e. scriptable) then a worker is suitable, if you are transferring packages to targets and are using complex deployment logic then you will need to deploy directly to a Tentacle.
If there is anything else we can help with, or if you would like to talk to someone further about your deployment scenario please let me know!