AJ ONeal 9fa5f60b57 | ||
---|---|---|
client | ||
cmd | ||
examples | ||
html/admin | ||
log | ||
mgmt | ||
mplexer | ||
packer | ||
relay | ||
rvpn-docker | ||
sni | ||
table | ||
tools | ||
vendor | ||
.gitignore | ||
.ignore | ||
.jshintrc | ||
.prettierrc | ||
LICENSE | ||
README.md | ||
build-client.sh | ||
build-mgmt.sh | ||
build-relay.sh | ||
debug.sh | ||
go.mod | ||
go.sum |
README.md
Telebit
A secure, end-to-end Encrypted tunnel.
Because friends don't let friends localhost.
Install Go
Installs Go to ~/.local/opt/go
for MacOS and Linux:
curl https://webinstall.dev/golang | bash
For Windows, see https://golang.org/dl
Note: The minimum required go version is shown in go.mod
. DO NOT use with GOPATH
!
Relay Server
All dependencies are included, at the correct version in the ./vendor
directory.
go generate ./...
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod vendor -o telebit-relay-linux ./cmd/telebit-relay/*.go
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -mod vendor -o telebit-relay-macos ./cmd/telebit-relay/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -o telebit-relay-windows-debug.exe ./cmd/telebit-relay/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -ldflags "-H windowsgui" -o telebit-relay-windows.exe ./cmd/telebit-relay/*.go
Configure
Command-line flags or .env
may be used.
See ./telebit-relay --help
for all options, and examples/relay.env
for their corresponding ENVs.
Example
./telebit-relay --acme-agree=true --auth-url=http://localhost:3010/api
Copy examples/relay.env
as .env
in the working directory.
Management Server
pushd mplexy/
go generate ./...
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod vendor -o mgmt-server-linux ./cmd/mgmt/*.go
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -mod vendor -o mgmt-server-macos ./cmd/mgmt/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -o mgmt-server-windows-debug.exe ./cmd/mgmt/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -ldflags "-H windowsgui" -o mgmt-server-windows.exe ./cmd/mgmt/*.go
Example
./telebit-mgmt --domain devices.example.com --port 3010
Copy examples/mgmt.env
as .env
in the working directory.
Device Management API
Create a token with the same SECRET
used with the mgmt
server,
and add a device by its subdomain
.
SECRET="xxxxxxxxxxx"
TOKEN=$(go run -mod=vendor cmd/signjwt/*.go $SECRET)
Authorize a device:
my_subdomain="xxxx"
my_mgmt_host=http://mgmt.example.com:3010
curl -X POST $my_mgmt_host/api/devices \
-H "Authorization: Bearer ${TOKEN}" \
-H "Content-Type: application/json" \
-d '{ "slug": "'$my_subdomain'" }'
{ "shared_key": "ZZZZZZZZ" }
Show data of a single device
my_subdomain="xxxx"
curl -L http://mgmt.example.com:3010/api/devices/${my_subdomain} -H "Authorization: Bearer ${TOKEN}"
{ "subdomain": "sub1", "updated_at": "2020-05-20T12:00:01Z" }
Get a list of connected devices:
curl -L http://mgmt.example.com:3010/api/devices -H "Authorization: Bearer ${TOKEN}"
[{ "subdomain": "sub1", "updated_at": "2020-05-20T12:00:01Z" }]
Get a list of disconnected devices:
curl -L http://mgmt.example.com:3010/api/devices?inactive=true -H "Authorization: Bearer ${TOKEN}"
Deauthorize a device:
my_subdomain="xxxx"
curl -L -X DELETE http://mgmt.example.com:3010/api/devices/${my_subdomain} -H "Authorization: Bearer ${TOKEN}"
Relay Client
All dependencies are included, at the correct version in the ./vendor
directory.
pushd mplexy/
go generate ./...
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod vendor -o telebit-client-linux ./cmd/telebit/*.go
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -mod vendor -o telebit-client-macos ./cmd/telebit/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -o telebit-client-windows-debug.exe ./cmd/telebit/*.go
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -mod vendor -ldflags "-H windowsgui" -o telebit-client-windows.exe ./cmd/telebit/*.go
Configure
Command-line flags or .env
may be used.
See ./telebit-client --help
for all options, and examples/client.env
for their corresponding ENVs.
Example
./telebit-client --acme-agree=true \
--relay wss://devices.example.com \
--app-id test-id --secret ZR2rxYmcKJcmtKgmH9D5Qw \
--acme-relay http://mgmt.example.com:3010/api/dns \
--auth-url http://mgmt.example.com:3010/api \
--locals http://xxx.devices.example.com:8080,https://xxx.devices.example.com:8080
Local Web Application
Currently only raw TCP is tunneled.
This means that either the application must handle and terminate encrypted TLS connections, or use HTTP (instead of HTTPS). This will be available in the next release.
mkdir -p tmp-app
pushd tmp-app/
cat << EOF > index.html
Hello, World!
EOF
python3 -m http.server 3000