Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/quark-zju/node-tcp-via-http

TCP port forwarding via HTTP
https://github.com/quark-zju/node-tcp-via-http

Last synced: 3 months ago
JSON representation

TCP port forwarding via HTTP

Awesome Lists containing this project

README 

        
node-tcp-via-http

=================



Simple but practical tcp-to-http-to-tcp [node.js](http://nodejs.org/) script.

It's now easy to SSH to a firewalled server with only one HTTP port available.

Just run server.js on the server and run client.js on the client:



      +--------------+

      |  tcp client  | ssh localhost -p 8124

      +--------------+

             v

      +--------------+

      | http client  | client.js //bob:8080/ssh

      | & tcp server |   tcp server at :8124

      +--------------+

             |                     alice

    -------- | ------------------------------------

             v                      bob

      +--------------+ server.js

      | http server  |   http server at :8080

      | & tcp client |     /ssh -> localhost:22

      +--------------+     /foo -> localhost:400

             v

      +--------------+

      |  tcp server  | sshd

      +--------------+



Configuration

-------------

Just modify `config` object in both scripts.



Work with other HTTP services

-----------------------------

You can use a [patched](http://yaoweibin.cn/patches/) [nginx](https://github.com/quark-zju/nginx/tree/req-no-buffer) to route requests to different backends, for example:



    server {

      # ...

      location /ssh {

        # 'proxy_request_buffering' is not supported by official nginx.

        # Check Weibin Yao's patch at http://yaoweibin.cn/patches/

        send_timeout 3600s;

        proxy_read_timeout 3600s;

        client_body_timeout 3600s;

        proxy_request_buffering off;

        client_body_postpone_size 0;

        proxy_buffering off;

        proxy_set_header CLIENT_IP $remote_addr;

        proxy_set_header Transfer-Encoding 'chunked';

        proxy_set_header Connection 'keep-alive';

        proxy_pass http://127.0.0.1:8080;

      }

    }



It's recommended to set `config.bind.host` to `127.0.0.1` under this configuration.



Will sshd see all the connections from 127.0.0.1?

-------------------------------------------------

No for ipv4. server.js will take the advantage of `127.0/8` subnet and change `localAddress` according to the first 3 numbers of the remote ipv4 address.

For example, if the client has the address `123.45.67.8`, sshd will see `127.123.45.67`. This makes [sshguard](https://github.com/schmurfy/sshguard) continue to work to some extent (NOTE: sshguard may have a whitelist, check `/etc/sshguard/whitelist`).

If the request is routed through nginx, `CLIENT_IP` header can be used to specify a real IP address.



Related projects

----------------

* [GNU httptunnel](http://www.nocrew.org/software/httptunnel.html)