Public Internet facing gateway (TCP reverse tunnel) for server.garden.
This project was originally forked from https://github.com/koding/tunnel
It is intended to be used to make it easier for non-tech-savvy people to host web services that are available on the public internet.
This repository only includes the application that does the tunneling part. It does not include any other management or automation tools.
See the usage example folder for a basic test.
`PUT /tunnels` api on the tunnel server's Management Port, and sends a JSON file describing which ports should be opened on the tunnel server, which client they should be tunneled to, and which service on the client they should be tunneled to, as well as whether or not the HAProxy "PROXY" protocol should be used. This connection can use TLS Client Authentication.

```
Starting the tunnel server with tunnel mux port: 9056, management port: 9057
Starting the "listener" test app. It listens on port 9001. This would be your web application server.
2020/08/06 14:00:03 threshold server is starting up using config:
{
  "DebugLog": false,
  "TunnelControlPort": 9056,
  "ManagementPort": 9057,
  "CaCertificateFile": "InternalCA+chain.crt",
  "ServerTlsKeyFile": "localhost.key",
  "ServerTlsCertificateFile": "localhost+chain.crt"
}
Listener: I am listening on port 9001
2020/08/06 14:00:03 runServer(): the server should be running now
Starting the tunnel client. Client Identifier: TestClient1
2020/08/06 14:00:04 theshold client is starting up using config:
{
  "DebugLog": false,
  "ClientId": "TestClient1",
  "ServerHost": "localhost",
  "ServerTunnelControlPort": 9056,
  "ServerManagementPort": 9057,
  "ServiceToLocalAddrMap": {
    "fooService": "127.0.0.1:9001"
  },
  "CaCertificateFile": "InternalCA+chain.crt",
  "ClientTlsKeyFile": "TestClient1@example.com.key",
  "ClientTlsCertificateFile": "TestClient1@example.com+chain.crt"
}
runClient(): the client should be running now
Checking the list of connected clients.
HTTP GET localhost:9057/clients:
{"TestClient1":{"CurrentState":"ClientConnected","LastState":"ClientUnknown"}}
Sending the tunnel configuration to the server.
HTTP PUT localhost:9057/tunnels:
now listening on 127.0.0.1:9000
[{"HaProxyProxyProtocol":true,"ListenAddress":"127.0.0.1","ListenHostnameGlob":"*","ListenPort":9000,"BackEndService":"fooService","ClientId":"TestClient1"}]
Starting the "sender" test app.
It connects to the front end port of the tunnel (port 9000). This would be your end user who wants to use the web application.
Sender: I am dialing localhost:9000 from 127.0.0.1:59382
Sender: sent 16 bytes
Listener: Someone connected from: 127.0.0.1:59382
Listener: read 16 bytes
Listener: the sender sent: Hello ! Hello!
Listener: I am going to respond with "asd"
Listener: conn.Close()
Sender: read 3 bytes
Sender: Response from listener was: asd
Done. Now terminating forked processes and cleaning up..
```
Note how the listener sees the original source IP and port, not the source IP and port of the connection from the tunnel client, because the listener supports the PROXY protocol and reports the source IP and port it receives that way.
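The following Go example is added here and is not code from this repository. It assumes the text-based version 1 of the PROXY protocol and shows a backend recovering the original source address while honouring the header only from a trusted peer (assumed to be the tunnel client); `parseProxyV1`, `clientAddr` and the sample input are constructed for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// parseProxyV1 reads one PROXY v1 header line and returns the original source
// address. Bytes after the header stay in r for the application to read.
func parseProxyV1(r *bufio.Reader) (*net.TCPAddr, error) {
	// ReadSlice is bounded by r's buffer; a v1 header is at most 107 bytes.
	line, err := r.ReadSlice('\n')
	if err != nil || len(line) > 107 || !bytes.HasSuffix(line, []byte("\r\n")) {
		return nil, errors.New("missing or oversized PROXY header")
	}
	f := strings.Split(strings.TrimSuffix(string(line), "\r\n"), " ")
	if len(f) != 6 || f[0] != "PROXY" || (f[1] != "TCP4" && f[1] != "TCP6") {
		return nil, errors.New("not a PROXY v1 TCP header")
	}
	ip := net.ParseIP(f[2])
	port, err := strconv.ParseUint(f[4], 10, 16)
	if ip == nil || err != nil {
		return nil, errors.New("bad source address in PROXY header")
	}
	return &net.TCPAddr{IP: ip, Port: int(port)}, nil
}

// clientAddr honours the header only when the TCP peer is a trusted sender
// (assumed here: the tunnel client). Any other peer keeps its real address.
func clientAddr(peer *net.TCPAddr, r *bufio.Reader, trusted []net.IP) (*net.TCPAddr, error) {
	for _, t := range trusted {
		if t.Equal(peer.IP) {
			return parseProxyV1(r)
		}
	}
	return peer, nil
}

func main() {
	// Constructed input: a v1 header followed by the sender's payload.
	in := "PROXY TCP4 127.0.0.1 127.0.0.1 59382 9000\r\nHello ! Hello!"
	peer := &net.TCPAddr{IP: net.ParseIP("127.0.0.1"), Port: 40000}
	fmt.Println(clientAddr(peer, bufio.NewReader(strings.NewReader(in)), []net.IP{peer.IP}))
}
```

A backend that accepts the header from any peer lets whoever can reach its port directly choose the source address that ends up in logs and access rules, so the trusted list should contain only the address the tunnel client connects from.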
I have a few requirements for this system.
```sh
go build -o tunnel -tags netgo
# -tags netgo? what?
# this is a work around for dynamic linking on alpine linux
# see: https://stackoverflow.com/questions/36279253/go-compiled-binary-wont-run-in-an-alpine-docker-container-on-ubuntu-host
docker build -t sequentialread/tunnel:0.0.1 .
```