wmantly/proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
24 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
William Mantly f3760e9ee7 Update 'api.md'
2018-02-14 18:56:46 +00:00
bin
frist pass
2018-02-13 19:58:47 -05:00
middleware
removed packages
2018-02-14 12:25:36 -05:00
models
removed packages
2018-02-14 12:25:36 -05:00
routes
removed packages
2018-02-14 12:25:36 -05:00
.gitignore
Initial commit
2018-02-06 05:38:10 +00:00
api.md
Update 'api.md'
2018-02-14 18:56:46 +00:00
app.js
removed packages
2018-02-14 12:25:36 -05:00
LICENSE
Initial commit
2018-02-06 05:38:10 +00:00
package-lock.json
added forever
2018-02-14 13:07:01 -05:00
package.json
added forever
2018-02-14 13:07:01 -05:00
README.md
Update 'README.md'
2018-02-14 18:14:49 +00:00
redis.js
removed packages
2018-02-14 12:25:36 -05:00
ssh-keygen
frist pass
2018-02-13 19:58:47 -05:00

README.md

proxy

API docs

API dpcs

Server set up

The server requires:

  • NodeJS 8.x
  • open ssh server(any modern version will do)
  • inbound Internet access
  • redis
  • lua rocks

This has been tested on ubuntu 16.04, but should work on any modern Linux distro. It used the Linux users for its user management, so this will ONLY work on Linux, no macOS, BSD or Windows.

The steps below are for a new ubuntu server, they should be mostly the same for other distros, but the paths and availability of packages may vary.

  • Install other These packages are needed for the PAM node package

    apt install libpam0g-dev build-essential

  • Install open ssh server

    apt install ssh

  • Install openresty

    OpenResty® Linux Packages

  • Install redis

    apt install redis-server

  • install lua plugin

apt install luarocks
sudo luarocks install lua-resty-auto-ssl
  • openresty config

Set up fail back SSL certs

mkdir /etc/ssl/

openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509   -subj '/CN=sni-support-required-for-valid-ssl'   -keyout /etc/ssl/resty-auto-ssl-fallback.key   -out /etc/ssl/resty-auto-ssl-fallback.crt

openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509   -subj '/CN=sni-support-required-for-valid-ssl'   -keyout /etc/ssl/resty-auto-ssl-fallback.key   -out /etc/ssl/resty-auto-ssl-fallback.crt

change the /etc/openresty/nginx.conf to have this config

#user  nobody;
worker_processes 4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    client_max_body_size 4g;


    lua_shared_dict auto_ssl 100m;
    lua_shared_dict auto_ssl_settings 64k;

    resolver 8.8.4.4 8.8.8.8;

    init_by_lua_block {
        auto_ssl = (require "resty.auto-ssl").new()
	auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
        auto_ssl:set("allow_domain", function(domain)
            return true
        end)
        auto_ssl:init()
    }

    init_worker_by_lua_block {
      auto_ssl:init_worker()
    }

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    server {
      listen 127.0.0.1:8999;

      # Increase the body buffer size, to ensure the internal POSTs can always
      # parse the full POST contents into memory.
      client_body_buffer_size 128k;
      client_max_body_size 128k;

      location / {
        content_by_lua_block {
          auto_ssl:hook_server()
        }
      }
    }

    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    include sites-enabled/*;

}

add the SSL config file /etc/openresty/autossl.conf

  ssl_protocols     TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers  on;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

  ssl_certificate_by_lua_block {
    auto_ssl:ssl_certificate()
  }

  location /.well-known/acme-challenge/ {
    content_by_lua_block {
      auto_ssl:challenge_server()
    }
  }

  ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
  ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

Add the proxy config /etc/openresty/sites-enabled/000-proxy

server {
	listen 80;
	listen 443 ssl;

	include autossl.conf;

	location / {
		resolver 10.0.3.1;  #8.8.4.4;  # use Google's open DNS server

		set $target '';
		access_by_lua '
		    local key = ngx.var.host
		    if not key then
			ngx.log(ngx.ERR, "no user-agent found")
			return ngx.exit(400)
		    end

		    local redis = require "resty.redis"
		    local red = redis:new()

		    red:set_timeout(1000) -- 1 second

		    local ok, err = red:connect("127.0.0.1", 6379)
		    if not ok then
			ngx.log(ngx.ERR, "failed to connect to redis: ", err)
			return ngx.exit(500)
		    end

		    local host, err = red:hget("proxy_host_"..key, "ip")
		    if not host then
			ngx.log(ngx.ERR, "failed to get redis key: ", err)
			return ngx.exit(500)
		    end

		    if host == ngx.null then
			ngx.log(ngx.ERR, "no host found for key ", key)
			return ngx.exit(400)
		    end
		    ngx.log(ngx.WARN, "==Found match!!!  ", key, host)
		    ngx.var.target = host
		';


		proxy_pass http://$target;
		proxy_set_header X-Real-IP  $remote_addr;
		proxy_set_header X-Forwarded-For  $remote_addr;
		proxy_set_header Host $host;
		add_header X-Target-Host $target;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	}
}

ref

https://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html https://github.com/GUI/lua-resty-auto-ssl

Description
No description provided
Readme 506 KiB
Languages
JavaScript 100%