Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/codepr/aiotunnel
HTTP tunnel on top of aiohttp and asyncio
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/codepr/aiotunnel
- Owner: codepr
- License: bsd-3-clause
- Created: 2018-10-14T16:26:19.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-07-07T16:13:17.000Z (over 4 years ago)
- Last Synced: 2024-04-24T13:19:30.352Z (7 months ago)
- Topics: asyncio, http, http-tunnel, https, port-forward, port-forwarding, python, tunnel
- Language: Python
- Size: 32.2 KB
- Stars: 31
- Watchers: 6
- Forks: 6
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGES.md
- License: LICENSE
Awesome Lists containing this project
- awesome-network-stuff - **14** stars
README
Aiotunnel
=========

[![Python 3.7](https://img.shields.io/badge/python-3.7-blue.svg)](https://www.python.org/downloads/release/python-370/)

Yet another HTTP tunnel. It supports two modes: a direct one, which opens a local
port on the host machine and redirects all TCP data to the remote side of the
tunnel, which actually connects to the desired URL; and a second one, which requires
the client part to run on the target system we want to expose and the server side
on a (arguably) public machine (e.g. an AWS EC2), which exposes a port to
communicate with our target system through HTTP.

## Quickstart

Let's suppose we have a machine located at `10.5.0.240` whose SSH access we want
to expose, and a server to which we have free access located at `10.5.0.10`. We
don't really know if port 22 on `10.5.0.240` is already exposed or if the IP
address will change; we actually don't care, because once the server address is
set, it will retrieve all incoming commands via HTTP GET requests to our known
server.

```
10.0.50.15 <----> (TCP) 8888:10.5.0.10:8080 (HTTP) <----> 10.5.0.240:22
```

So just run the `tunneld` on the server at `10.5.0.10` (you probably want to
daemonize it through NOHUP or by creating a systemd service) in reverse mode:

```sh
[email protected]:~$ aiotunnel server -r
======== Running on http://0.0.0.0:8080 ========
(Press CTRL+C to quit)
```

On the target machine at `10.5.0.240` run the client bound to the service we
want to expose (SSH in this case, but it could be anything):

```sh
[email protected]:~$ aiotunnel client --server-addr 10.5.0.10 --server-port 8080 -A localhost -P 22 -r
[2018-10-14 22:20:45,806] Opening a connection with 127.0.0.1:22 and 0.0.0.0:8888 over HTTP
[2018-10-14 22:20:45,831] 0.0.0.0:8888 over HTTP to http://10.5.0.10:8080/aiotunnel
[2018-10-14 22:20:45,832] Obtained a client id: aeb7cfc6-3de3-4bc1-b769-b81641d496eb
```

Now we're ready to open an SSH session to `10.5.0.10`, even if port 22 is
closed or the IP address is different.

```sh
[email protected]:~$ ssh [email protected] -p 8888
Welcome to Linux 4.19.0-1-MANJARO
Last login: Thu Feb 11 17:28:20 2016
[email protected]:~$
```

A more common approach is to use the tunnel without the `-r`/`--reverse` flag. In
this case port 22 is actually exposed on the target system, but our network does
not permit SSH traffic. We therefore use a known server as a proxy and delegate
the actual SSH connection to it, while we communicate with it using HTTP
requests:

- `POST` to establish the connection
- `PUT` to send data
- `GET` to read responses
- `DELETE` to close the connection

So on our known server located at `10.5.0.10` we start a `tunneld` process:

```sh
[email protected]:~$ aiotunnel server
======== Running on http://0.0.0.0:8080 ========
(Press CTRL+C to quit)
```

On the network-constrained machine we start a `tunnel` instance:

```sh
[email protected]:~$ aiotunnel -A 10.0.5.240 -P 22
[2018-10-15 00:58:41,744] Opening local port 8888 and 10.0.5.240:22 over HTTP
```
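
The `POST`/`PUT`/`GET`/`DELETE` exchange listed above leaves a recognisable shape in proxy or web-server access logs. The following is an added example, not part of the aiotunnel project: a small detector run over constructed log lines, assuming Common Log Format, that all verbs of a session hit one path (such as the `/aiotunnel` path shown in the client output), and a hypothetical `min_data_requests` threshold.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Common Log Format); not captured traffic.
SAMPLE_LOG = """\
10.0.50.15 - - [15/Oct/2018:00:58:41 +0000] "POST /aiotunnel HTTP/1.1" 200 36
10.0.50.15 - - [15/Oct/2018:00:58:42 +0000] "PUT /aiotunnel HTTP/1.1" 200 0
10.0.50.15 - - [15/Oct/2018:00:58:42 +0000] "GET /aiotunnel HTTP/1.1" 200 512
10.0.50.15 - - [15/Oct/2018:00:58:43 +0000] "PUT /aiotunnel HTTP/1.1" 200 0
10.0.50.15 - - [15/Oct/2018:00:58:43 +0000] "GET /aiotunnel HTTP/1.1" 200 128
10.0.50.15 - - [15/Oct/2018:01:02:10 +0000] "DELETE /aiotunnel HTTP/1.1" 200 0
10.0.50.20 - - [15/Oct/2018:01:03:00 +0000] "POST /api/items HTTP/1.1" 201 64
10.0.50.20 - - [15/Oct/2018:01:03:01 +0000] "GET /api/items/1 HTTP/1.1" 200 64
10.0.50.20 - - [15/Oct/2018:01:03:02 +0000] "PUT /api/items/1 HTTP/1.1" 200 64
10.0.50.20 - - [15/Oct/2018:01:03:03 +0000] "DELETE /api/items/1 HTTP/1.1" 204 0
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) \S+$')

def parse(log_text):
    """Yield (client, method, path-without-query) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).split("?", 1)[0]

def find_tunnel_like(log_text, min_data_requests=4):
    """Flag (client, path) pairs that open with POST and then alternate
    PUT (send) and GET (read) on that same path, as the list above describes."""
    counts = defaultdict(lambda: defaultdict(int))
    for client, method, path in parse(log_text):
        counts[(client, path)][method] += 1
    findings = []
    for (client, path), verbs in sorted(counts.items()):
        data = verbs["PUT"] + verbs["GET"]
        # DELETE is optional here: a session still open has not sent it yet.
        if verbs["POST"] and verbs["PUT"] and verbs["GET"] and data >= min_data_requests:
            findings.append({"client": client, "path": path,
                             "data_requests": data,
                             "closed": verbs["DELETE"] > 0})
    return findings

if __name__ == "__main__":
    for finding in find_tunnel_like(SAMPLE_LOG):
        print(finding)
```

An ordinary REST client spreads its verbs over different resource paths, so it is not flagged; on real traffic the threshold needs tuning against the busiest legitimate endpoints.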
And we're good to go.

It's possible to use the `Dockerfile` to build an image and run it in a container; by default it
starts with the command `aiotunnel server -r`, which is easily overridable.

```sh
[email protected]:~$ docker build -t aiotunnel /path/to/aiotunnel
[email protected]:~$ docker run --rm --network host aiotunnel aiotunnel client --server-addr 10.5.0.10 --server-port 8080 -A localhost -p 22 -r
```

### Security

`SSL/TLS` is supported: just set the certificate chain and CA in the configuration or via the CLI
to encrypt the communication and use HTTPS (defaulting to port 8443 instead of 8080).

```sh
[email protected]:~$ aiotunnel server -r --ca /path/to/ca.crt --cert /path/to/cert.crt --key /path/to/keyfile.key
======== Running on https://0.0.0.0:8443 ========
```

And on the client side:

```sh
[email protected]:~$ aiotunnel client -A 127.0.0.1 -P 22 --ca /path/to/ca.crt --cert /path/to/cert.crt --key /path/to/keyfile.key
[2018-10-18 22:20:45,806] Opening a connection with 127.0.0.1:22 and 0.0.0.0:8888 over HTTPS
[2018-10-18 22:20:45,831] 0.0.0.0:8888 over HTTPS to https://10.5.0.10:8443/aiotunnel
[2018-10-18 22:20:45,832] Obtained a client id: aeb7dfc4-3da3-4wc1-b769-n81621db96eb
```

## Installation

Clone the repository and install it locally, or play with it using `python -i` or `ipython`.

```
$ git clone https://github.com/codepr/aiotunnel.git
$ cd aiotunnel
$ pip install .
```

or, to skip the cloning step:

```
$ pip install git+https://github.com/codepr/aiotunnel.git@master#egg=aiotunnel
```

## Changelog

See the [CHANGES](CHANGES.md) file.