| .tunnel | ||
| benchmark | ||
| cmd | ||
| id | ||
| log | ||
| proto | ||
| testdata | ||
| tunnelmock | ||
| vendor | ||
| .editorconfig | ||
| .gitignore | ||
| .travis.yml | ||
| auth.go | ||
| auth_test.go | ||
| backoff.go | ||
| client.go | ||
| client_test.go | ||
| doc.go | ||
| errors.go | ||
| Gopkg.lock | ||
| Gopkg.toml | ||
| httpproxy.go | ||
| integration_test.go | ||
| LICENSE | ||
| Makefile | ||
| pool.go | ||
| proxy.go | ||
| README.md | ||
| registry.go | ||
| server.go | ||
| tcpproxy.go | ||
| tunnel.go | ||
| utils.go | ||
Tunnel 
Tunnel enables you to share your localhost when you don't have a public IP.
Features:
- HTTP proxy
- HTTP basic authentication
- TCP proxy
- Auto reconnect using backoff strategy
- Dynamic client management and eviction
- Go
http.Handlerandhttp.RoundTripperimplementations
How it works:
Client opens a TLS connection to a server. Server accepts connections from known clients only, client is recognised by it's TLS certificate ID. The server is publicly available and proxies incoming connections to the client. Then the connection is further proxied in the client's network.
Tunnel is based HTTP/2 for speed and security. There is a single TCP connection between client and server and all the proxied connections are multiplexed using HTTP/2.
Common use cases:
- Hosting a game server from home
- Developing webhook integrations
- Managing IoT devices
Installation
Build the latest version.
$ go get -u github.com/mmatczuk/go-http-tunnel/cmd/...
Alternatively download the latest release.
Running
There are two executables:
tunneld- the tunnel server, to be run on publicly available host like AWS or GCEtunnel- the tunnel client, to be run on your local machine or in your private network
To get help on the command parameters run tunneld -h or tunnel -h.
Tunnel requires TLS certificates for both client and server.
$ openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout client.key -out client.crt
$ openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout server.key -out server.crt
Run client:
- Install
tunnelbinary - Make
.tunneldirectory in your project directory - Copy
client.key,client.crtto.tunnel - Create configuration file
tunnel.ymlin.tunnel - Start all tunnels
$ tunnel -config ./tunnel/tunnel.yml start-all
Run server:
- Install
tunneldbinary - Make
.tunnelddirectory - Copy
server.key,server.crtto.tunneld - Get client identifier (
tunnel -config ./tunnel/tunnel.yml id), identifier should look like thisYMBKT3V-ESUTZ2Z-7MRILIJ-T35FHGO-D2DHO7D-FXMGSSR-V4LBSZX-BNDONQ4 - Start tunnel server
$ tunneld -tlsCrt .tunneld/server.crt -tlsKey .tunneld/server.key -clients YMBKT3V-ESUTZ2Z-7MRILIJ-T35FHGO-D2DHO7D-FXMGSSR-V4LBSZX-BNDONQ4
This will run HTTP server on port 80 and HTTPS (HTTP/2) server on port 443. If you want to use HTTPS it's recommended to get a properly signed certificate to avoid security warnings.
Configuration
The tunnel client tunnel requires configuration file, by default it will try reading tunnel.yml in your current working directory. If you want to specify other file use -config flag.
Sample configuration that exposes:
localhost:8080aswebui.my-tunnel-host.com- host in private network for ssh connections
looks like this
server_addr: SERVER_IP:5223
insecure_skip_verify: true
tunnels:
webui:
proto: http
addr: localhost:8080
auth: user:password
host: webui.my-tunnel-host.com
ssh:
proto: tcp
addr: 192.168.0.5:22
remote_addr: 0.0.0.0:22
Configuration options:
server_addr: server TCP address, i.e.54.12.12.45:5223insecure_skip_verify: controls whether a client verifies the server's certificate chain and host name, if using self signed certificates must be set totrue, default:falsetls_crt: path to client TLS certificate, default:client.crtin the config file directorytls_key: path to client TLS certificate key, default:client.keyin the config file directorytunnels / [name]proto: tunnel protocol,httportcpaddr: forward traffic to this local port number or network address, forproto=httpthis can be full URL i.e.https://machine/sub/path/?plus=params, supports URL schemeshttpandhttpsauth: (proto=http) (optional) basic authentication credentials to enforce on tunneled requests, formatuser:passwordhost: (proto=http) hostname to request (requires reserved name and DNS CNAME)remote_addr: (proto=tcp) bind the remote TCP address
backoffinterval: how long client would wait before redialing the server if connection was lost, exponential backoff initial interval, default:500msmultiplier: interval multiplier if reconnect failed, default:1.5max_interval: maximal time client would wait before redialing the server, default:1mmax_time: maximal time client would try to reconnect to the server if connection was lost, set0to never stop trying, default:15m
Donation
If this project help you reduce time to develop, you can give me a cup of coffee.
A GitHub star is always appreciated!
License
Copyright (C) 2017 Michał Matczuk
This project is distributed under the BSD-3 license. See the LICENSE file for details.