proxy

module

v0.2.2 Latest Latest Go to latest Published: Dec 11, 2023 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/deepsquare-io/proxy

Links

Open Source Insights

README ¶

DeepSquare Web3 Dynamic Reverse Proxy bypassing firewalls

Reverse HTTP/TCP proxy tunnel via SSH connections. Uses Web3 as authenticator.

Installation

Static binaries

Prebuilt binaries are available on the Github Releases tab.

Docker

docker pull ghcr.io/deepsquare-io/proxy-server:latest

Build from source

Build and install from Go:

# client
go install github.com/deepsquare-io/proxy/cmd/dpsproxy@latest
# server
go install github.com/deepsquare-io/proxy/cmd/dpsproxy-server@latest

Manually:

git clone https://github.com/deepsquare-io/proxy.git
cd proxy
make # outputs are located in the bin/ directory

Usage

Server

Create a .env or .env.local or set these environment variables:

## A 32 bytes hex secret (openssl rand -out - 32 | xxd -p -c 0)
CSRF_SECRET=cc15bd16819c6c9ab96f161dfab1adcf6ba98ccaf627a0d7de486d713341162c
## JWT secret for session tokens
JWT_SECRET=random
## Domain name used for HTTP redirections. (<subdomain>.example.com)
PUBLIC_DOMAIN=example.com
## Contains the SSH host keys
KEYS_DIR=./

#SSH_LISTEN_ADDRESS=:2200
#HTTP_LISTEN_ADDRESS=:3000

Run the binary:

./dpsproxy-server

The SSH server is running on 2200/tcp and HTTP on 3000/tcp.

You must use reverse proxy to add a SSL layer and forward to :80 and :443. If not, run with the --insecure to pass the CSRF token. I recommend to use Caddy as it is easy to use:

# /etc/caddy/Caddyfile
{
  auto_https disable_redirects
}

https://*.example.com {
  reverse_proxy localhost:3000

  tls marc.nguyen@deepsquare.io {
    dns googleclouddns { # There is a /etc/caddy/gcp.json
      gcp_project csquare
    }
  }
}

http://*.example.com {
  reverse_proxy localhost:3000
}

https://example.com {
  reverse_proxy localhost:3000

  tls marc.nguyen@deepsquare.io
}

http://example.com {
  reverse_proxy localhost:3000
}

Client

Go on the bore proxy web interface example.com.
Login with MetaMask and generate a route. You can retrieve the route too.

Expected routes will be shown:

Copy the token. This token will be used for login. Note that the allocation of the route doesn't expires, it is just the authentication token which only have 10 minutes.

If the token has expired, just "Retrieve Route" again.
Assuming:
- An application is running on 127.0.0.1:3000
- The bore proxy is running on example.com:2200
Run the client:
```
dpsproxy --reconnect --local.addr 127.0.0.1:300 --to.addr example.com:2200 --secret <token>
```

License

License is Apache 2.

Directories ¶

Path	Synopsis
api Package api is used to standardize SSH communications.	Package api is used to standardize SSH communications.
auth Package auth defines the authentication layer of the application.	Package auth defines the authentication layer of the application.
client
cmd
dpsproxy
dpsproxy-server
database The package database handles the methods and definition to manipulate a database.	The package database handles the methods and definition to manipulate a database.
nonce Package nonce handles the logic of a nonce.	Package nonce handles the logic of a nonce.
route Package route handles the logic of a route.	Package route handles the logic of a route.
handler
jwt Package jwt defines all the methods for JWT manipulation.	Package jwt defines all the methods for JWT manipulation.
ssh Package ssh is used to handle SSH connections and forwarding.	Package ssh is used to handle SSH connections and forwarding.
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL