Skip to content
/ proxy Public

A bore proxy with SSH tunneling and Web3 authentication (+anonymous). Made in Go and HTMX.

License

Apache-2.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

deepsquare-io/proxy

BranchesTags

Repository files navigation

DeepSquare Web3 Dynamic Reverse Proxy bypassing firewalls

Reverse HTTP/TCP proxy tunnel via SSH connections. Uses Web3 as authenticator.

Installation

Static binaries

Prebuilt binaries are available on the Github Releases tab.

Docker

docker pull ghcr.io/deepsquare-io/proxy-server:latest

Build from source

Build and install from Go:

# client
go install github.com/deepsquare-io/proxy/cmd/dpsproxy@latest
# server
go install github.com/deepsquare-io/proxy/cmd/dpsproxy-server@latest

Manually:

git clone https://github.com/deepsquare-io/proxy.git
cd proxy
make # outputs are located in the bin/ directory

Usage

Server

  1. Create a .env or .env.local or set these environment variables:

    ## A 32 bytes hex secret (openssl rand -out - 32 | xxd -p -c 0)
CSRF_SECRET=cc15bd16819c6c9ab96f161dfab1adcf6ba98ccaf627a0d7de486d713341162c
## JWT secret for session tokens
JWT_SECRET=random
## Domain name used for HTTP redirections. (<subdomain>.example.com)
PUBLIC_DOMAIN=example.com
## Contains the SSH host keys
KEYS_DIR=./

#SSH_LISTEN_ADDRESS=:2200
#HTTP_LISTEN_ADDRESS=:3000

  2. Run the binary:

    ./dpsproxy-server

    The SSH server is running on 2200/tcp and HTTP on 3000/tcp.

    You must use reverse proxy to add a SSL layer and forward to :80 and :443. If not, run with the --insecure to pass the CSRF token. I recommend to use Caddy as it is easy to use:

    # /etc/caddy/Caddyfile
{
  auto_https disable_redirects
}

https://*.example.com {
  reverse_proxy localhost:3000

  tls marc.nguyen@deepsquare.io {
    dns googleclouddns { # There is a /etc/caddy/gcp.json
      gcp_project csquare
    }
  }
}

http://*.example.com {
  reverse_proxy localhost:3000
}

https://example.com {
  reverse_proxy localhost:3000

  tls marc.nguyen@deepsquare.io
}

http://example.com {
  reverse_proxy localhost:3000
}

Client

  1. Go on the bore proxy web interface example.com.

  2. Login with MetaMask and generate a route. You can retrieve the route too.

    Expected routes will be shown:

    image-20231201221034783

    Copy the token. This token will be used for login. Note that the allocation of the route doesn't expires, it is just the authentication token which only have 10 minutes.

    If the token has expired, just "Retrieve Route" again.

  3. Assuming:

    • An application is running on 127.0.0.1:3000
    • The bore proxy is running on example.com:2200

    Run the client:

    dpsproxy --reconnect --local.addr 127.0.0.1:300 --to.addr example.com:2200 --secret <token>

License

License is Apache 2.

About

A bore proxy with SSH tunneling and Web3 authentication (+anonymous). Made in Go and HTMX.

Topics

go ssh proxy web3 bore htmx

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 4

v0.2.2 Latest
Dec 11, 2023
+ 3 releases

Packages

 
 
 

Languages