From 0573b746a020aeaa1dda1e6c0d3b06d454df14c5 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 30 Sep 2016 18:49:08 -0400 Subject: [PATCH] updates --- README.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 65 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ddd441f..65ca2ca 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,65 @@ -# node-tunnel-server -A naive tcp tunnel server +# stunneld.js + +A server that works in combination with [stunnel.js](https://github.com/Daplie/node-tunnel-client) +to allow you to serve http and https from any computer, anywhere through a secure tunnel. + +CLI +=== + +Installs as `stunnel.js` with the alias `jstunnel` +(for those that regularly use `stunnel` but still like commandline completion). + +### Install + +```bash +npm install -g stunnel +``` + +### Advanced Usage + +How to use `stunnel.js` with your own instance of `stunneld.js`: + +```bash +stunneld.js --servenames tunnel.example.com --protocols wss --secret abc123 +``` + +Options + +``` +--secret the same secret used by stunnel client (used for authentication) +--serve comma separated list of :: to which + incoming http and https should be forwarded +``` + +### Alterntive Methods + +**NOT YET IMPLEMENTED** + +We created this for anyone to use on their own server or VPS, +but those generally cost $5 - $20 / month and so it's probably +cheaper to purchase data transfer (which we supply, obviously), +which is only $1/month for most people. + +Just use the client ([stunnel.js](https://github.com/Daplie/node-tunnel-client)) +with Daplie's tunneling service (the default) and save yourself the monthly fee +by only paying for the data you need. + + * Daplie Tunnel (zero setup) + * Heroku (zero cost) + * Chunk Host (best deal per TB/month) + +Security +======== + +The bottom line: As with everything in life, there is no such thing as anonymity +or absolute security. Only use stunneld services that you trust. :D + +Even though the traffic is encrypted end-to-end, you can't just trust any stunneld service +willy-nilly. + +A man-in-the-middle attack is possible using Let's Encrypt since an evil stunneld service +would be able to complete the http-01 and tls-sni-01 challenges without a problem +(since that's where your DNS is pointed when you use the service). + +Also, the traffic could still be copied and stored for decryption is some era when quantum +computers exist (probably never).