telebit/cmd/telebit
AJ ONeal a7f1398ba4
refactor!: external auth for ACME Challenges, and other mgmt routes
2022-06-07 02:38:49 -06:00
README.md WIP: fix http-01 challenges 2022-06-05 03:41:00 -06:00
telebit.go refactor!: external auth for ACME Challenges, and other mgmt routes 2022-06-07 02:38:49 -06:00

README.md

Telebit Relay

| Telebit Client | Telebit Relay | Telebit Mgmt |

Secure tunnel, relay, and reverse-proxy server.

Usage

Only port 443 must be public.

./telebit-relay --acme-http-01
# allow access to privileged ports
sudo setcap 'cap_net_bind_service=+ep' ./telebit-relay

Copy examples/relay.env as .env in the working directory.

# --secret
export SECRET=XxX-mgmt-secret-XxX
# --api-hostname
export API_HOSTNAME=tunnel.example.com
# --listen
export LISTEN=":443"
# --locals
export LOCALS=https:mgmt.example.com:6468
# --auth-url
export AUTH_URL=http://localhost:6468/api
# --proxy-http-01
export PROXY_HTTP_01=http://mgmt.example.com:6468
# --acme-agree
export ACME_AGREE=true
# --acme-email
export ACME_EMAIL=telebit@example.com
# --acme-relay
export ACME_RELAY_URL=http://localhost:6468/api/acme-relay

See ./telebit-relay --help for all options.
See examples/relay.env for detailed explanations.

Note: It is not necessary to specify the --flags when using the ENVs.

API

Discovery

Each telebit relay will expose its discovery endpoint at

  • .well-known/telebit.app/index.json

The response will look something like

System Services

You can use serviceman to run postgres, telebit, and telebit-mgmt as system services.

curl -fsS https://webinstall.dev/serviceman | bash

See the Cheat Sheet at https://webinstall.dev/serviceman

You can, of course, configure systemd (or whatever) by hand if you prefer.

API

List all connected devices

bash examples/admin-list-devices.sh
curl -L https://devices.example.com/api/subscribers -H "Authorization: Bearer ${TOKEN}"
{
    "success": true,
    "subscribers": [{ "since": "2020-07-22T08:20:40Z", "sub": "ruby", "sockets": ["73.228.72.97:50737"], "clients": 0 }]
}

Show connectivity of a single device, if any

curl -L https://devices.example.com/api/subscribers -H "Authorization: Bearer ${TOKEN}"
{
    "success": true,
    "subscribers": [{ "since": "2020-07-22T08:20:40Z", "sub": "ruby", "sockets": ["73.228.72.97:50737"], "clients": 0 }]
}
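
An added example, not part of the telebit project: a small Go audit of the /api/subscribers response shown above, for reviewing which devices are connected to the relay. The allowlist of expected device names, the multi-host heuristic, and the reading of "sockets" as remote host:port addresses are assumptions; the "pearl" and "sapphire" entries are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Constructed sample in the README's response shape ("pearl" and "sapphire" are made up).
const sampleResponse = `{"success": true, "subscribers": [
  {"since": "2020-07-22T08:20:40Z", "sub": "ruby", "sockets": ["73.228.72.97:50737"], "clients": 0},
  {"since": "2020-07-23T01:02:03Z", "sub": "pearl", "sockets": ["203.0.113.5:40000", "198.51.100.7:40001"], "clients": 1},
  {"since": "2020-07-23T04:05:06Z", "sub": "sapphire", "sockets": ["203.0.113.9:40002"], "clients": 2}]}`

// Audit flags subscribers outside the expected set (a hypothetical allowlist) or seen from several hosts.
func Audit(body []byte, expected map[string]bool) ([]string, error) {
	var resp struct {
		Success     bool `json:"success"`
		Subscribers []struct {
			Since   string   `json:"since"`
			Sub     string   `json:"sub"`
			Sockets []string `json:"sockets"`
		} `json:"subscribers"`
	}
	if err := json.Unmarshal(body, &resp); err != nil || !resp.Success {
		return nil, fmt.Errorf("unusable response (success=%v, err=%v)", resp.Success, err)
	}
	var findings []string
	for _, s := range resp.Subscribers {
		if !expected[s.Sub] {
			findings = append(findings, fmt.Sprintf("%s: not an expected device (since %s, from %v)", s.Sub, s.Since, s.Sockets))
		}
		hosts := map[string]bool{} // distinct remote hosts; unparseable entries are skipped
		for _, addr := range s.Sockets {
			if host, _, err := net.SplitHostPort(addr); err == nil {
				hosts[host] = true
			}
		}
		if len(hosts) > 1 {
			findings = append(findings, fmt.Sprintf("%s: connected from %d remote hosts", s.Sub, len(hosts)))
		}
	}
	return findings, nil
}

func main() {
	findings, err := Audit([]byte(sampleResponse), map[string]bool{"ruby": true, "pearl": true})
	fmt.Println(findings, err)
}
```

In practice the body would come from the curl call above rather than the embedded sample.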

Force a device to disconnect:

bash examples/admin-disconnect-device.sh

Build

You can build with go build:

go generate -mod vendor ./...
go build -mod vendor -race -o telebit-relay cmd/telebit/*.go

Or with goreleaser:

goreleaser --rm-dist --skip-publish --snapshot

Or cross-compile:

go generate -mod vendor ./...

CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod vendor -o telebit-relay-linux ./cmd/telebit/*.go
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -mod vendor -o telebit-relay-macos ./cmd/telebit/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -o telebit-relay-windows-debug.exe ./cmd/telebit/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -ldflags "-H windowsgui" -o telebit-relay-windows.exe ./cmd/telebit/*.go