https://github.com/Eugeny/tabby-connection-gateway

Connection gateway for Tabby Web
https://github.com/Eugeny/tabby-connection-gateway

Last synced: about 2 months ago
JSON representation

Connection gateway for Tabby Web

• Host: GitHub
• URL: https://github.com/Eugeny/tabby-connection-gateway
• Owner: Eugeny
• License: mit
• Created: 2021-07-11T20:28:34.000Z (about 3 years ago)
• Default Branch: master
• Last Pushed: 2024-03-20T19:59:25.000Z (6 months ago)
• Last Synced: 2024-07-05T11:58:02.121Z (3 months ago)
• Language: Python
• Homepage: https://tabby.sh
• Size: 24.4 KB
• Stars: 102
• Watchers: 4
• Forks: 20
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Tabby Connection Gateway

This is the connection gateway service that Tabby Web uses.

It's a Websocket → TCP gateway that allows Tabby to initiate arbitrary network connections from a browser.

You can host one yourself to prevent the connection traffic from going through the central connection gateway that I'm hosting.

Once started, you'll just need to enter your gateway URL and a secret token in the Tabby Web settings, and all future connections will go straight through your own gateway.

## Getting started (Docker)

```bash

docker pull ghcr.io/eugeny/tabby-connection-gateway:latest

docker run -e TABBY_AUTH_TOKEN=secret123 -p 9000:9000 ghcr.io/eugeny/tabby-connection-gateway:master --token-auth --host 0.0.0.0

```

## Getting started (Docker-compose)

```version: '3.3'

services:

    eugeny:

        command: --token-auth --host 0.0.0.0

        environment:

            - TABBY_AUTH_TOKEN=XXX

        ports:

            - 9000:9000

        image: 'ghcr.io/eugeny/tabby-connection-gateway:master'

```

If using ssl add ```--port 443``` to commnd line & change ports to ```-9000:443```       

        

## Getting started (native)

```bash

pip3 install tabby-connection-gateway

```

## Usage

TCG runs one Websocket listener for the incoming connections and one optional Websocket listener for management requests.

The management/admin listener is only used on Tabby Web's own managed gateways to authenticate new connections. For your local instance, you need to generate your own secret token and pass it via the `TABBY_AUTH_TOKEN` environment variable.

### Running with SSL

Note that if you're using Letsencrypt, you need to run the gateway on port 443 as they don't provide non-standard port certificates.

```sh

TABBY_AUTH_TOKEN="123..." tabby-connection-gateway --host 0.0.0.0 --port 443 --token-auth --certificate ssl.pem --key ssl.key

```

Connection gateway URL for Tabby settings: `wss://`

You could theoretically add `--ca ca.pem` to enable client certificate auth, but AFAIK browsers (at least Chrome) don't support it with Websockets.

### Running without SSL

```sh

TABBY_AUTH_TOKEN="123..." tabby-connection-gateway --host 0.0.0.0 --port 1234 --token-auth

```

Connection gateway URL for Tabby settings: `ws://:1234`

### Sample systemd unit

```ini

[Unit]

Description=Tabby Gateway

Requires=network-online.target

After=network-online.target

[Service]

Restart=always

ExecStart=/usr/local/bin/tabby-connection-gateway --host 0.0.0.0 --port 443 --certificate /etc/letsencrypt/live/my-host.com/fullchain.pem --private-key /etc/letsencrypt/live/my-host.com/privkey.pem --token-auth

Environment=TABBY_AUTH_TOKEN=123...

StandardOutput=syslog

StandardError=syslog

[Install]

WantedBy=multi-user.target

```

### All options

```markdown

tabby-connection-gateway 

optional arguments:

  --host HOST           address to listen on (default: 127.0.0.1)

  --port PORT           port to listen on (default: 9000)

  --certificate PATH    path to the SSL certificate. Enables SSL (default:

                        None)

  --private-key PATH

  --ca PATH             path to the CA certificate. Enables SSL client auth

                        (default: None)

  --no-auth             disables auth completely

  --token-auth          enables token based auth using the token from the

                        TABBY_AUTH_TOKEN env var (default: False)

  --admin-host ADMIN_HOST

                        address to listen on for management requests (default:

                        127.0.0.1)

  --admin-port ADMIN_PORT

                        port to listen on for management requests (default:

                        None)

  --admin-certificate PATH

                        path to the SSL certificate for the management server

                        (default: None)

  --admin-private-key PATH

  --admin-ca PATH       path to the CA certificate for the management server

                        (default: None)

```