Merge branch 'master' into commercial

AJ ONeal 2018-06-14 10:09:58 +00:00
commit 20f59b6af7
8 changed files with 96 additions and 96 deletions


@ -31,15 +31,15 @@ curl -fsSL https://get.telebit.cloud/relay | bash
Of course, feel free to inspect the install script before you run it.
This will install Telebit Relay to `/opt/telebitd` and
put a symlink to `/opt/telebitd/bin/telebitd` in `/usr/local/bin/telebitd`
This will install Telebit Relay to `/opt/telebit-relay` and
put a symlink to `/opt/telebit-relay/bin/telebit-relay` in `/usr/local/bin/telebit-relay`
for convenience.
You can customize the installation:
```bash
export NODEJS_VER=v10.2
export TELEBITD_PATH=/opt/telebitd
export TELEBIT_RELAY_PATH=/opt/telebit-relay
curl -fsSL https://get.telebit.cloud/relay
```
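Review bot: The customization example ends with `curl -fsSL https://get.telebit.cloud/relay` and no `| bash`, so as written it only prints the script and the exported `NODEJS_VER` and `TELEBIT_RELAY_PATH` are never consumed; pipe it to bash as the command in the hunk header does. The rename from `TELEBITD_PATH` is also undocumented here, and the installer only checks the new name, so anyone still exporting the old variable gets the default path without warning. A one-line migration note would cover it.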
@ -49,7 +49,7 @@ and the path to which Telebit Relay installs.
You can get rid of the tos + email and server domain name prompts by providing them right away:
```bash
curl -fsSL https://get.telebit.cloud/relay | bash -- jon@example.com telebit.example.com
curl -fsSL https://get.telebit.cloud/relay | bash -- jon@example.com telebit-relay.example.com
```
Windows & Node.js
@ -57,37 +57,37 @@ Windows & Node.js
1. Install [node.js](https://nodejs.org)
2. Open _Node.js_
2. Run the command `npm install -g telebitd`
2. Run the command `npm install -g telebit-relay`
**Note**: Use node.js v8.x or v10.x
There is [a bug](https://github.com/nodejs/node/issues/20241) in node v9.x that causes telebitd to crash.
There is [a bug](https://github.com/nodejs/node/issues/20241) in node v9.x that causes telebit-relay to crash.
Usage
====
```bash
telebitd --config /etc/telebit/telebitd.yml
telebit-relay --config /opt/telebit-relay/etc/telebit-relay.yml
```
Options
`/etc/telebit/telebitd.yml:`
`/opt/telebit-relay/etc/telebit-relay.yml:`
```
email: 'jon@example.com' # must be valid (for certificate recovery and security alerts)
agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
community_member: true # receive infrequent relevant but non-critical updates
telemetry: true # contribute to project telemetric data
secret: '' # JWT authorization secret. Generate like so:
# node -e "console.log(crypto.randomBytes(16).toString('hex'))"
servernames: # hostnames that direct to the Telebit Relay admin console
- telebit.example.com
- telebit.example.net
vhost: /srv/www/:hostname # securely serve local sites from this path (or false)
# (uses template string, i.e. /var/www/:hostname/public)
email: 'jon@example.com' # must be valid (for certificate recovery and security alerts)
agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
community_member: true # receive infrequent relevant but non-critical updates
telemetry: true # contribute to project telemetric data
secret: '' # JWT authorization secret. Generate like so:
# node -e "console.log(crypto.randomBytes(16).toString('hex'))"
servernames: # hostnames that direct to the Telebit Relay admin console
- telebit-relay.example.com
- telebit-relay.example.net
vhost: /srv/www/:hostname # securely serve local sites from this path (or false)
# (uses template string, i.e. /var/www/:hostname/public)
greenlock:
store: le-store-certbot # certificate storage plugin
config_dir: /etc/acme # directory for ssl certificates
store: le-store-certbot # certificate storage plugin
config_dir: /opt/telebit-relay/etc/acme # directory for ssl certificates
```
Security
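Review bot: The options file documented in this hunk holds the JWT `secret`, and it now lives at `/opt/telebit-relay/etc/telebit-relay.yml`, inside the install tree and next to the ACME `config_dir`. The README should state which user owns that file and that it should not be world-readable, since the guidance implied by the old `/etc/telebit/` location no longer applies. It would also help to say what happens when `secret: ''` is left empty.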
@ -128,7 +128,7 @@ Useful Tidbits
## As a systemd service
`./dist/etc/systemd/system/telebitd.service` should be copied to `/etc/systemd/system/telebitd.service`.
`./dist/etc/systemd/system/telebit-relay.service` should be copied to `/etc/systemd/system/telebit-relay.service`.
The user and group `telebit` should be created.


@ -19,15 +19,15 @@ function help() {
console.info('');
console.info('Usage:');
console.info('');
console.info('\ttelebitd --config <path>');
console.info('\ttelebit-relay --config <path>');
console.info('');
console.info('Example:');
console.info('');
console.info('\ttelebitd --config /etc/telebit/telebitd.yml');
console.info('\ttelebit-relay --config /opt/telebit-relay/etc/telebit-relay.yml');
console.info('');
console.info('Config:');
console.info('');
console.info('\tSee https://git.coolaj86.com/coolaj86/telebitd.js');
console.info('\tSee https://git.coolaj86.com/coolaj86/telebit-relay.js');
console.info('');
console.info('');
process.exit(0);
@ -294,7 +294,7 @@ function adjustArgs() {
.option('--serve <URL>', 'comma separated list of <proto>:<//><servername>:<port> to which matching incoming http and https should forward (reverse proxy). Ex: https://john.example.com,tls:*:1337', collectProxies, [ ])
.option('--ports <PORT>', 'comma separated list of ports on which to listen. Ex: 80,443,1337', collectPorts, [ ])
.option('--servernames <STRING>', 'comma separated list of servernames to use for the admin interface. Ex: tunnel.example.com,tunnel.example.net', collectServernames, [ ])
.option('--secret <STRING>', 'the same secret used by telebitd (used for JWT authentication)')
.option('--secret <STRING>', 'the same secret used by telebit-relay (used for JWT authentication)')
.parse(process.argv)
;
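Review bot: On the `--secret <STRING>` option, the description is updated to name telebit-relay but still presents the JWT secret as a command-line argument, where it ends up in the process list and shell history. Consider saying in the description that the `secret` key in the file passed via `--config` is the preferred source.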


@ -1,11 +1,11 @@
# Pre-req
# sudo adduser telebit --home /opt/telebitd
# sudo mkdir -p /opt/telebitd/
# sudo chown -R telebit:telebit /opt/telebitd/
# sudo adduser telebit --home /opt/telebit-relay
# sudo mkdir -p /opt/telebit-relay/
# sudo chown -R telebit:telebit /opt/telebit-relay/
[Unit]
Description=Telebit Relay
Documentation=https://git.coolaj86.com/coolaj86/telebitd.js/
Documentation=https://git.coolaj86.com/coolaj86/telebit-relay.js/
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
@ -22,9 +22,9 @@ StartLimitBurst=3
User=telebit
Group=telebit
WorkingDirectory=/opt/telebitd
WorkingDirectory=/opt/telebit-relay
# custom directory cannot be set and will be the place where gitea exists, not the working directory
ExecStart=/opt/telebitd/bin/node /opt/telebitd/bin/telebitd.js --config /etc/telebit/telebitd.yml
ExecStart=/opt/telebit-relay/bin/node /opt/telebit-relay/bin/telebit-relay.js --config /opt/telebit-relay/etc/telebit-relay.yml
ExecReload=/bin/kill -USR1 $MAINPID
# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
@ -44,10 +44,10 @@ ProtectSystem=full
# and /var/log/gitea because we want a place where logs can go.
# This merely retains r/w access rights, it does not add any new.
# Must still be writable on the host!
ReadWriteDirectories=/opt/telebitd /etc/telebit
ReadWriteDirectories=/opt/telebit-relay /etc/telebit
# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
; ReadWritePaths=/opt/telebitd /etc/telebit
; ReadWritePaths=/opt/telebit-relay /etc/telebit
# The following additional security directives only work with systemd v229 or later.
# They further retrict privileges that can be gained by gitea.
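Review bot: `ReadWriteDirectories=/opt/telebit-relay /etc/telebit` and the commented `ReadWritePaths` line keep `/etc/telebit` writable even though this commit moves the config and ACME directory under `/opt/telebit-relay/etc` and `ExecStart` no longer reads anything from `/etc/telebit`. Drop `/etc/telebit` from both lines so the unit retains write access only where the service needs it. The surrounding comments still refer to gitea and could be corrected in the same pass.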


@ -7,4 +7,4 @@ greenlock:
server: 'https://acme-v02.api.letsencrypt.org/directory'
store:
strategy: le-store-certbot
config_dir: /opt/telebitd/acme
config_dir: /opt/telebit-relay/etc/acme


@ -64,10 +64,10 @@ my_email=${1:-}
my_servername=${2:-}
my_secret=""
my_user="telebit"
my_app="telebitd"
my_bin="telebitd.js"
my_app="telebit-relay"
my_bin="telebit-relay.js"
my_name="Telebit Relay"
my_repo="telebitd.js"
my_repo="telebit-relay.js"
if [ -z "${my_email}" ]; then
echo ""
@ -86,7 +86,7 @@ fi
if [ -z "${my_servername}" ]; then
echo "What is the domain of this server (for admin interface)?"
echo ""
read -p "domain (ex: telebit.example.com): " my_servername
read -p "domain (ex: telebit-relay.example.com): " my_servername
echo ""
# UX - just want a smooth transition
sleep 0.5
@ -94,99 +94,99 @@ fi
echo ""
if [ -z "${TELEBITD_PATH:-}" ]; then
echo 'TELEBITD_PATH="'${TELEBITD_PATH:-}'"'
TELEBITD_PATH=/opt/$my_app
if [ -z "${TELEBIT_RELAY_PATH:-}" ]; then
echo 'TELEBIT_RELAY_PATH="'${TELEBIT_RELAY_PATH:-}'"'
TELEBIT_RELAY_PATH=/opt/$my_app
fi
echo "Installing $my_name to '$TELEBITD_PATH'"
echo "Installing $my_name to '$TELEBIT_RELAY_PATH'"
echo "Installing node.js dependencies into $TELEBITD_PATH"
echo "Installing node.js dependencies into $TELEBIT_RELAY_PATH"
# v10.2+ has much needed networking fixes, but breaks ursa. v9.x has severe networking bugs. v8.x has working ursa, but requires tls workarounds"
NODEJS_VER="${NODEJS_VER:-v10}"
export NODEJS_VER
export NODE_PATH="$TELEBITD_PATH/lib/node_modules"
export NPM_CONFIG_PREFIX="$TELEBITD_PATH"
export PATH="$TELEBITD_PATH/bin:$PATH"
export NODE_PATH="$TELEBIT_RELAY_PATH/lib/node_modules"
export NPM_CONFIG_PREFIX="$TELEBIT_RELAY_PATH"
export PATH="$TELEBIT_RELAY_PATH/bin:$PATH"
sleep 1
http_bash https://git.coolaj86.com/coolaj86/node-installer.sh/raw/branch/master/install.sh --no-dev-deps >/dev/null 2>/dev/null
my_tree="master"
my_node="$TELEBITD_PATH/bin/node"
my_node="$TELEBIT_RELAY_PATH/bin/node"
my_secret=$($my_node -e "console.info(crypto.randomBytes(16).toString('hex'))")
my_npm="$my_node $TELEBITD_PATH/bin/npm"
my_tmp="$TELEBITD_PATH/tmp"
my_npm="$my_node $TELEBIT_RELAY_PATH/bin/npm"
my_tmp="$TELEBIT_RELAY_PATH/tmp"
mkdir -p $my_tmp
echo "sudo mkdir -p '$TELEBITD_PATH'"
sudo mkdir -p "$TELEBITD_PATH"
echo "sudo mkdir -p '/etc/$my_user/'"
sudo mkdir -p "/etc/$my_user/"
echo "sudo mkdir -p '$TELEBIT_RELAY_PATH'"
sudo mkdir -p "$TELEBIT_RELAY_PATH"
echo "sudo mkdir -p '/opt/$my_app/etc'"
sudo mkdir -p "/opt/$my_app/etc/"
set +e
#https://git.coolaj86.com/coolaj86/telebitd.js.git
#https://git.coolaj86.com/coolaj86/telebitd.js/archive/:tree:.tar.gz
#https://git.coolaj86.com/coolaj86/telebitd.js/archive/:tree:.zip
#https://git.coolaj86.com/coolaj86/telebit-relay.js.git
#https://git.coolaj86.com/coolaj86/telebit-relay.js/archive/:tree:.tar.gz
#https://git.coolaj86.com/coolaj86/telebit-relay.js/archive/:tree:.zip
my_unzip=$(type -p unzip)
my_tar=$(type -p tar)
if [ -n "$my_unzip" ]; then
rm -f $my_tmp/$my_app-$my_tree.zip
http_get https://git.coolaj86.com/coolaj86/$my_repo/archive/$my_tree.zip $my_tmp/$my_app-$my_tree.zip
# -o means overwrite, and there is no option to strip
$my_unzip -o $my_tmp/$my_app-$my_tree.zip -d $TELEBITD_PATH/ > /dev/null 2>&1
cp -ar $TELEBITD_PATH/$my_repo/* $TELEBITD_PATH/ > /dev/null
rm -rf $TELEBITD_PATH/$my_bin
$my_unzip -o $my_tmp/$my_app-$my_tree.zip -d $TELEBIT_RELAY_PATH/ > /dev/null 2>&1
cp -ar $TELEBIT_RELAY_PATH/$my_repo/* $TELEBIT_RELAY_PATH/ > /dev/null
rm -rf $TELEBIT_RELAY_PATH/$my_bin
elif [ -n "$my_tar" ]; then
rm -f $my_tmp/$my_app-$my_tree.tar.gz
http_get https://git.coolaj86.com/coolaj86/$my_repo/archive/$my_tree.tar.gz $my_tmp/$my_app-$my_tree.tar.gz
ls -lah $my_tmp/$my_app-$my_tree.tar.gz
$my_tar -xzf $my_tmp/$my_app-$my_tree.tar.gz --strip 1 -C $TELEBITD_PATH/
$my_tar -xzf $my_tmp/$my_app-$my_tree.tar.gz --strip 1 -C $TELEBIT_RELAY_PATH/
else
echo "Neither tar nor unzip found. Abort."
exit 13
fi
set -e
pushd $TELEBITD_PATH >/dev/null
pushd $TELEBIT_RELAY_PATH >/dev/null
$my_npm install >/dev/null 2>/dev/null
popd >/dev/null
cat << EOF > $TELEBITD_PATH/bin/$my_app
cat << EOF > $TELEBIT_RELAY_PATH/bin/$my_app
#!/bin/bash
$my_node $TELEBITD_PATH/bin/$my_bin
$my_node $TELEBIT_RELAY_PATH/bin/$my_bin
EOF
chmod a+x $TELEBITD_PATH/bin/$my_app
echo "sudo ln -sf $TELEBITD_PATH/bin/$my_app /usr/local/bin/$my_app"
sudo ln -sf $TELEBITD_PATH/bin/$my_app /usr/local/bin/$my_app
chmod a+x $TELEBIT_RELAY_PATH/bin/$my_app
echo "sudo ln -sf $TELEBIT_RELAY_PATH/bin/$my_app /usr/local/bin/$my_app"
sudo ln -sf $TELEBIT_RELAY_PATH/bin/$my_app /usr/local/bin/$my_app
set +e
if type -p setcap >/dev/null 2>&1; then
#echo "Setting permissions to allow $my_app to run on port 80 and port 443 without sudo or root"
echo "sudo setcap cap_net_bind_service=+ep $TELEBITD_PATH/bin/node"
sudo setcap cap_net_bind_service=+ep $TELEBITD_PATH/bin/node
echo "sudo setcap cap_net_bind_service=+ep $TELEBIT_RELAY_PATH/bin/node"
sudo setcap cap_net_bind_service=+ep $TELEBIT_RELAY_PATH/bin/node
fi
set -e
if [ -z "$(cat /etc/passwd | grep $my_user)" ]; then
echo "sudo adduser --home $TELEBITD_PATH --gecos '' --disabled-password $my_user"
sudo adduser --home $TELEBITD_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
echo "sudo adduser --home $TELEBIT_RELAY_PATH --gecos '' --disabled-password $my_user"
sudo adduser --home $TELEBIT_RELAY_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
fi
if [ ! -f "/etc/$my_user/$my_app.yml" ]; then
if [ ! -f "/opt/$my_app/etc/$my_app.yml" ]; then
echo "### Creating config file from template. sudo may be required"
#echo "sudo rsync -a examples/$my_app.yml /etc/$my_user/$my_app.yml"
sudo bash -c "echo 'email: $my_email' >> /etc/$my_user/$my_app.yml"
sudo bash -c "echo 'secret: $my_secret' >> /etc/$my_user/$my_app.yml"
sudo bash -c "echo 'servernames: [ $my_servername ]' >> /etc/$my_user/$my_app.yml"
sudo bash -c "cat examples/$my_app.yml.tpl >> /etc/$my_user/$my_app.yml"
#echo "sudo rsync -a examples/$my_app.yml /opt/$my_app/etc/$my_app.yml"
sudo bash -c "echo 'email: $my_email' >> /opt/$my_app/etc/$my_app.yml"
sudo bash -c "echo 'secret: $my_secret' >> /opt/$my_app/etc/$my_app.yml"
sudo bash -c "echo 'servernames: [ $my_servername ]' >> /opt/$my_app/etc/$my_app.yml"
sudo bash -c "cat examples/$my_app.yml.tpl >> /opt/$my_app/etc/$my_app.yml"
fi
echo "sudo chown -R $my_user '$TELEBITD_PATH' '/etc/$my_user'"
sudo chown -R $my_user "$TELEBITD_PATH" "/etc/$my_user"
echo "sudo chown -R $my_user '$TELEBIT_RELAY_PATH' '/opt/$my_app/etc'"
sudo chown -R $my_user "$TELEBIT_RELAY_PATH" "/opt/$my_app/etc"
echo "### Adding $my_app is a system service"
echo "sudo rsync -a $TELEBITD_PATH/dist/etc/systemd/system/$my_app.service /etc/systemd/system/$my_app.service"
sudo rsync -a $TELEBITD_PATH/dist/etc/systemd/system/$my_app.service /etc/systemd/system/$my_app.service
echo "sudo rsync -a $TELEBIT_RELAY_PATH/dist/etc/systemd/system/$my_app.service /etc/systemd/system/$my_app.service"
sudo rsync -a $TELEBIT_RELAY_PATH/dist/etc/systemd/system/$my_app.service /etc/systemd/system/$my_app.service
sudo systemctl daemon-reload
echo "sudo systemctl enable $my_app"
sudo systemctl enable $my_app
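Review bot: The config location is hardcoded as `/opt/$my_app/etc` (the `mkdir -p`, the `[ ! -f ... ]` test, the four `sudo bash -c` writes and the `chown`) instead of `$TELEBIT_RELAY_PATH/etc`, so a custom `TELEBIT_RELAY_PATH` puts the code in one place and the config in another. Use `$TELEBIT_RELAY_PATH/etc` throughout. Separately, `sudo bash -c "echo 'email: $my_email' >> ..."` expands the prompted `my_email` and `my_servername` inside a command run as root, so a single quote in either value terminates the string early; write the values with a quoted `printf` piped to `sudo tee -a` instead, and set the file mode explicitly because the file contains `secret`.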
@ -201,7 +201,7 @@ echo "=============================================="
echo " Privacy Settings in Config"
echo "=============================================="
echo ""
echo "The example config file /etc/$my_user/$my_app.yml opts-in to"
echo "The example config file /opt/$my_app/etc/$my_app.yml opts-in to"
echo "contributing telemetrics and receiving infrequent relevant updates"
echo "(probably once per quarter or less) such as important notes on"
echo "a new release, an important API change, etc. No spam."
@ -218,13 +218,13 @@ echo "=============================================="
echo ""
echo "Edit the config and restart, if desired:"
echo ""
echo " sudo vim /etc/$my_user/$my_app.yml"
echo " sudo vim /opt/$my_app/etc/$my_app.yml"
echo " sudo systemctl restart $my_app"
echo ""
echo "Or disabled the service and start manually:"
echo ""
echo " sudo systemctl stop $my_app"
echo " sudo systemctl disable $my_app"
echo " $my_app --config /etc/$my_user/$my_app.yml"
echo " $my_app --config /opt/$my_app/etc/$my_app.yml"
echo ""
sleep 1


@ -1,5 +1,5 @@
systemctl disable telebitd
systemctl stop telebitd
rm -rf /opt/telebitd/ /etc/system/systemd/telebitd.service /etc/telebit/ /usr/local/bin/telebitd
systemctl disable telebit-relay
systemctl stop telebit-relay
rm -rf /opt/telebit-relay/ /etc/system/systemd/telebit-relay.service /usr/local/bin/telebit-relay /etc/telebit/
userdel -r telebit
groupdel telebit
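Review bot: The `rm -rf` line targets `/etc/system/systemd/telebit-relay.service`, but the installer copies the unit to `/etc/systemd/system/$my_app.service`, so the unit file survives an uninstall. Fix the path and follow it with `systemctl daemon-reload`. Nothing in the new version removes a previous `telebitd` install either, so hosts that upgrade keep the old service and `/opt/telebitd`.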


@ -20,7 +20,7 @@ module.exports.create = function (state) {
SNICallback: function (servername, cb) {
if (!setupSniCallback) {
console.error("[setup.SNICallback] No way to get https certificates...");
cb(new Error("telebitd sni setup fail"));
cb(new Error("telebit-relay sni setup fail"));
return;
}
setupSniCallback(servername, cb);


@ -1,17 +1,17 @@
{
"name": "telebitd",
"version": "0.12.0",
"name": "telebit-relay",
"version": "0.12.1",
"description": "Friends don't let friends localhost. Expose your bits with a secure connection even from behind NAT, Firewalls, in a box, with a fox, on a train or in a plane... or a Raspberry Pi in your closet. An attempt to create a better localtunnel.me server, a more open ngrok. Uses Automated HTTPS (Free SSL) via ServerName Indication (SNI). Can also tunnel tls and plain tcp.",
"main": "lib/relay.js",
"bin": {
"telebitd": "bin/telebitd.js"
"telebit-relay": "bin/telebit-relay.js"
},
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"repository": {
"type": "git",
"url": "https://git.coolaj86.com/coolaj86/telebitd.js.git"
"url": "https://git.coolaj86.com/coolaj86/telebit-relay.js.git"
},
"keywords": [
"http",
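Review bot: Renaming `name` and the `bin` entry from `telebitd` to `telebit-relay` changes both the package to install and the command it provides, yet `version` only moves from 0.12.0 to 0.12.1. A larger version step, or a note in the README about the rename, would keep existing `telebitd` users from treating this as a routine patch update.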
@ -33,9 +33,9 @@
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
"license": "(MIT OR Apache-2.0)",
"bugs": {
"url": "https://git.coolaj86.com/coolaj86/telebitd.js/issues"
"url": "https://git.coolaj86.com/coolaj86/telebit-relay.js/issues"
},
"homepage": "https://git.coolaj86.com/coolaj86/telebitd.js",
"homepage": "https://git.coolaj86.com/coolaj86/telebit-relay.js",
"dependencies": {
"bluebird": "^3.5.1",
"cluster-store": "^2.0.8",