root
/
telebit-relay.js
鏡像自 https://git.coolaj86.com/coolaj86/telebit-relay.js.git
2
0
Fork 0
程式碼 問題 版本發佈 Wiki 動態
Push-button DIY tunnel service. Run on your Raspberry Pi or VPS to create your own secure tunnel to access your devices from anywhere or simply to expose your localhost development to the outside world.
您最多能選擇 25 個主題 主題必須以字母或數字為開頭,可包含連接號「-」且最長為 35 個字元。
79 提交
1 分支
8 標籤
419 KiB
 
 
分支: master
分支 標籤
${ item.name }
建立標籤 ${ searchTerm }
建立分支 ${ searchTerm }
從「master」
${ noResults }
AJ ONeal 07965d8eac
move tls-unwrapping (it may be sharable with client) 		6 年前
bin begin install script 6 年前
dist/etc/systemd/system add stunneld.service for systemd 7 年前
lib move tls-unwrapping (it may be sharable with client) 6 年前
snippets fs cleanup 8 年前
.gitignore fs cleanup 8 年前
.jshintrc add .jshintrc 7 年前
LICENSE Initial commit 8 年前
README.md update links 6 年前
handlers.js make error messages hyper-focused and super specific 7 年前
package.json v0.10.0 6 年前
wstunneld.js move tls-unwrapping (it may be sharable with client) 6 年前

README.md

| Sponsored by ppl | tunnel-server.js | tunnel-client.js |

stunneld.js

A server that works in combination with stunnel.js to allow you to serve http and https from any computer, anywhere through a secure tunnel.

CLI

Installs as stunnel.js with the alias jstunnel (for those that regularly use stunnel but still like commandline completion).

Install

npm install -g stunneld

Then dist/etc/systemd/system/stunneld.service should be copied to /etc/systemd/system/stunneld.service and the ARGUMENTS, such as SECRET, MUST BE CHANGED.

TODO: make --config /path/to/config the only argument (and have the secret auto-generated on first run?)

Note: Use node.js v8.x

There is a bug in node v9.x that causes stunneld to crash.

https://github.com/nodejs/node/issues/20241

Advanced Usage

How to use stunnel.js with your own instance of stunneld.js:

stunneld.js --servernames tunnel.example.com --protocols wss --secret abc123

Options

--secret          the same secret used by stunnel client (used for authentication)
--serve           comma separated list of <proto>:<servername>:<port> to which
                  incoming http and https should be forwarded

Privileged Ports without sudo

# Linux
sudo setcap 'cap_net_bind_service=+ep' $(which node)

Alterntive Methods

NOT YET IMPLEMENTED

We created this for anyone to use on their own server or VPS, but those generally cost $5 - $20 / month and so it's probably cheaper to purchase data transfer (which we supply, obviously), which is only $1/month for most people.

Just use the client (stunnel.js) with this tunneling service (the default) and save yourself the monthly fee by only paying for the data you need.

* Node WS Tunnel (zero setup)
* Heroku (zero cost)
* Chunk Host (best deal per TB/month)

Security

The bottom line: As with everything in life, there is no such thing as anonymity or absolute security. Only use stunneld services that you trust. :D

Even though the traffic is encrypted end-to-end, you can't just trust any stunneld service willy-nilly.

A man-in-the-middle attack is possible using Let's Encrypt since an evil stunneld service would be able to complete the http-01 and tls-sni-01 challenges without a problem (since that's where your DNS is pointed when you use the service).

Also, the traffic could still be copied and stored for decryption is some era when quantum computers exist (probably never).