Minimal, self-hosted, 0-config alternative to ngrok. Caddy+OpenSSH+50 lines of Python.

Related tags

NetworkingSirTunnel
Overview

What is it?

If you have a webserver running on one computer (say your development laptop), and you want to expose it securely (ie HTTPS) via a public URL, SirTunnel allows you to easily do that.

How do you use it?

If you have:

  • A SirTunnel server instance listening on port 443 of example.com.
  • A copy of the sirtunnel.py script available on the PATH of the server.
  • An SSH server running on port 22 of example.com.
  • A webserver running on port 8080 of your laptop.

And you run the following command on your laptop:

ssh -tR 9001:localhost:8080 example.com sirtunnel.py sub1.example.com 9001

Now any requests to https://sub1.example.com will be proxied to your local webserver.

How does it work?

The command above does 2 things:

  1. It starts a standard remote SSH tunnel from the server port 9001 to local port 8080.
  2. It runs the command sirtunnel.py sub1.example.com 9001 on the server. The python script parses sub1.example.com 9001 and uses the Caddy API to reverse proxy sub1.example.com to port 9001 on the server. Caddy automatically retrieves an HTTPS cert for sub1.example.com.

Note: The -t is necessary so that doing CTRL-C on your laptop stops the sirtunnel.py command on the server, which allows it to clean up the tunnel on Caddy. Otherwise it would leave sirtunnel.py running and just kill your SSH tunnel locally.

How is it different?

There are a lot of solutions to this problem. In fact, I've made something of a hobby of maintaining a list of the ones I've found so far.

The main advantages of SirTunnel are:

  • Minimal. It leverages Caddy and whatever SSH server you already have running on your server. Other than that, it consists of a 50-line Python script on the server. That's it. Any time you spend learning to customize and configure it will be time well spent because you're learning Caddy and your SSH server.
  • 0-configuration. There is no configuration on the server side. Not even CLI arguments.
  • Essentially stateless. The only state is the certs (which is handled entirely by Caddy) and the tunnel mappings, which are ephemeral and controlled by the clients.
  • Automatic HTTPS certificate management. Some other solutions do this as well, so it's important but not unique.
  • No special client is required. You can use any standard SSH client that supports remote tunnels. Again, this is not a unique feature.

Running the server

Assuming you already have an ssh server running, getting the SirTunnel server going consists of simply downloading a copy of Caddy and running it with the provided config. Take a look at install.sh and run_server.sh for details.

Note: Caddy needs to bind to port 443, either by running as root (not recommended), setting the CAP_NET_BIND_SERVICE capability on the Caddy binary (what the install.sh script does), or changing caddy_config.json to bind to a different port (say 9000) and using something like iptables to forward to that port.

Future Features

SirTunnel is intended to be a minimal tool. As such, I'm unlikely to add many features moving forward. However, the simplicity makes it easier to modify for your needs. For example, see this fork which adds functionality to help multiple users avoid overwriting each others' tunnels:

https://github.com/matiboy/SirTunnel

Owner
Anders Pitman
Anders Pitman
This tool will scans your wi-fi/wlan and show you the connected clients

This tool will scans your wi-fi/wlan and show you the connected clients

VENKAT SAI SAGAR 3 Mar 24, 2022
Asyncer, async and await, focused on developer experience

Asyncer, async and await, focused on developer experience. Documentation: https:

Sebastián Ramírez 895 Dec 28, 2022
A repository dedicated to IoT(internet of things ) and python scripts

📑 Introduction Week of Learning is a weekly program in which you will get all the necessary knowledge about Circuit-Building, Arduino and Micro-Contr

27 Nov 22, 2022
Arp-spoofing, this script was written for people who want to spoof any vulnerable machine such as Wİndows, of course it could have been more sophisticatedly created but these repos will be updated constantly

ARP-SPOOF ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area net

2 Dec 28, 2021
syncio: asyncio, without await

syncio: asyncio, without await asyncio can look very intimidating to newcomers, because of the async/await syntax. Even experienced programmers can ge

David Brochart 10 Nov 21, 2022
API Server for VoIP analysis (CDR + Audio CODECs)

Swagger generated server Overview This server was generated by the swagger-codegen project. By using the OpenAPI-Spec from a remote server, you can ea

Noor Muhammad Malik 1 Jan 11, 2022
Nautobot is a Network Source of Truth and Network Automation Platform.

Nautobot is a Network Source of Truth and Network Automation Platform. Nautobot was initially developed as a fork of NetBox (v2.10.4). Nautobot runs as a web application atop the Django Python framew

Nautobot 549 Dec 31, 2022
A database-based CDN node supporting PostgreSQL and MongoDB backends.

A simple to use database-based deployable CDN node for hobbyist developers who wish to have their own CDN!

Vish M 10 Nov 19, 2022
SonicWall SSL-VPN Exploit

VisualDoor SonicWall SSL-VPN Exploit, as used by Phineas Fisher to hack Cayman Trust Bank and Hacking Team.

169 Nov 15, 2022
Utility for converting IP Fabric webhooks into a Teams format.

IP Fabric Webhook Integration for Microsoft Teams Setup IP Fabric Setup Go to Settings Webhooks Add webhook Provide a name URL will be: 'http://Y

Community Fabric 1 Jan 26, 2022
This is simple script that changes the config register of a cisco router over serial so that you can reset the password

Cisco-router-config-bypass-tool- This is simple script that changes the config register of a cisco router over serial so that you can bypass the confi

James 1 Jan 02, 2022
Repo used to maintain all notes and scripts developed during my DevNet Expert studies

DevNet Expert Studies Exam Date: TBD (Waiting for registration to open) This repository will be used to track my progress and maintain all notes/scrip

Dan 32 Dec 11, 2022
openPortScanner is a port scanner made with Python!

Port Scanner made with python • Installation • Usage • Commands Installation Run this to install: $ git clone https://github.com/Miguel-Galdin0/openPo

Miguel Galdino 7 Jan 09, 2022
A Calendar subscribe server for python

cn-holiday-ics-server A calendar subscribe server 直接使用我搭建的服务 订阅节假日:https://cdxy.fun:9999/holiday 订阅调休上班:https://cdxy.fun:9999/workday 节假日和调休上班在一起的版本:h

CD 11 Nov 12, 2022
ThorFI: A Novel Approach for Network Fault Injection as a Service

ThorFI: a Novel Approach for Network Fault Injection as a Service This repo includes ThorFI, a novel fault injection solution for virtual networks in

DESSERT research lab (Federico II University of Naples, Italy) 6 Dec 14, 2022
BLE parser for passive BLE advertisements

This pypi package is parsing BLE advertisements to readable data for several sensors and can be used for device tracking, as long as the MAC address is static. The parser was originally developed as

Ernst Klamer 19 Dec 26, 2022
Control your Puffco Peak Pro from your computer!

PuffcoPC Control your Puffco Peak Pro from your computer! Contributions Pull requests are welcome. For major changes, please open an issue first to di

Bryan Muschter 5 Nov 02, 2022
pyngrok is a Python wrapper for ngrok

pyngrok is a Python wrapper for ngrok that manages its own binary, making ngrok available via a convenient Python API.

Alex Laird 329 Dec 31, 2022
Dokumentasi belajar Network automation

Repositori belajar network automation dengan Docker, Python & GNS3 Using Frameworks and integrate with: Paramiko Netmiko Telnetlib CSV SFTP Netmiko, S

Daniel.Pepuho 3 Mar 15, 2022
A pure python implementation of multicast DNS service discovery

python-zeroconf Documentation. This is fork of pyzeroconf, Multicast DNS Service Discovery for Python, originally by Paul Scott-Murphy (https://github

Jakub Stasiak 483 Dec 29, 2022