added documentation for the new tcp.proxy module

tigerbot 2017-10-26 15:44:19 -06:00
parent 138f59bea3
commit b44ad7b17a
1 changed files with 68 additions and 17 deletions


@ -64,13 +64,15 @@ some of which have modules:
- [proxy (reverse proxy)](#tlsproxy) - [proxy (reverse proxy)](#tlsproxy)
- [acme](#tlsacme) - [acme](#tlsacme)
* [tcp](#tcp) * [tcp](#tcp)
- [proxy](#tcpproxy)
- [forward](#tcpforward) - [forward](#tcpforward)
* [udp](#udp) * [udp](#udp)
- [forward](#udpforward) - [forward](#udpforward)
* [domains](#domains) * [domains](#domains)
* [tunnel_server](#tunnel_server) * [tunnel_server](#tunnel_server)
* [DDNS](#ddns)
* [tunnel_client](#tunnel) * [tunnel_client](#tunnel)
* [mdns](#mdns) * [mDNS](#mdns)
* [socks5](#socks5) * [socks5](#socks5)
* api * api
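Review bot: The added `* [DDNS](#ddns)` entry and the `mdns` to `mDNS` rename in this table of contents are unrelated to the tcp.proxy documentation the commit message describes, and none of the hunks shown adds a section that would carry the `#ddns` anchor. Either move them to their own commit or confirm the target section exists so the link does not dangle. The new `[proxy](#tcpproxy)` entry does line up with the `### tcp.proxy` heading added further down.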
@ -294,6 +296,37 @@ tcp:
address: '127.0.0.1:2222' address: '127.0.0.1:2222'
``` ```
### tcp.proxy
The proxy module routes traffic based on the servername contained in a SNI header.
As such this only works to route TCP connections wrapped in a TLS stream.
It has the same options as the [HTTP proxy module](#httpproxy-how-to-reverse-proxy-ruby-python-etc).
Example config:
```yml
tcp:
modules:
- type: proxy
domains:
- ssh.example.com
port: 22
```
In order to use this to route SSH connections you will need to use `ssh`'s
`ProxyCommand` option. For example to ssh into `ssh.example.com` you could use
the following command.
```bash
ssh user@ssh.example.com -o ProxyCommand='openssl s_client -quiet -connect ssh.example.com:443 -servername ssh.example.com'
```
Alternatively you could add the following lines to your ssh config file.
```
Host ssh.example.com
ProxyCommand openssl s_client -quiet -connect ssh.example.com:443 -servername ssh.example.com
```
### tcp.forward ### tcp.forward
The forward module routes traffic based on port number **without decrypting** it. The forward module routes traffic based on port number **without decrypting** it.
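Review bot: The new tcp.proxy section never states whether the module terminates TLS before handing the stream to the backend, yet the example targets `port: 22` and has the client wrap SSH in `openssl s_client`, which implies plaintext leaves the proxy. The tcp.forward text right after it is explicit about **without decrypting**; this section should be just as explicit about where decryption happens. In the two `ProxyCommand` lines, note that `openssl s_client` continues after a certificate verification failure unless `-verify_return_error` is given, so the docs should either add that flag or say that SSH host key checking is the layer being relied on. Minor: "SNI header" reads better as the SNI extension of the TLS ClientHello, and the ssh config fence has no language tag while the other two fences do.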
@ -366,27 +399,45 @@ udp:
To reduce repetition defining multiple modules that operate on the same domain To reduce repetition defining multiple modules that operate on the same domain
name the `domains` field can define multiple modules of multiple types for a name the `domains` field can define multiple modules of multiple types for a
single list of names. The modules defined this way do not need to have their single list of names. The modules defined this way do not need to have their
own `domains` field. own `domains` field. Note that the [tcp.forward](#tcpforward) module is not
allowed in a domains group since its routing is not based on domains.
Example Config Example Config
```yml ```yml
domains: domains:
names: - names:
- example.com - example.com
- www.example.com - www.example.com
- api.example.com - api.example.com
modules: modules:
tls: tls:
- type: acme - type: acme
email: joe.schmoe@example.com email: joe.schmoe@example.com
challenge_type: 'http-01' challenge_type: 'http-01'
http: http:
- type: redirect - type: redirect
from: /deprecated/path from: /deprecated/path
to: /new/path to: /new/path
- type: proxy - type: proxy
port: 3000 port: 3000
dns:
- type: 'dns@oauth3.org'
token_id: user_token_id
- names:
- ssh.example.com
modules:
tls:
- type: acme
email: john.smith@example.com
challenge_type: 'http-01'
tcp:
- type: proxy
port: 22
dns:
- type: 'dns@oauth3.org'
token_id: user_token_id
``` ```
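Review bot: The example changes `domains` from a single mapping (`names:` / `modules:`) to a list of groups (`- names:`), but the paragraph above it still speaks of "a single list of names" and never says that `domains` is now a list. State that explicitly and say whether the old mapping form is still accepted, since that affects existing configs. The example also introduces a `dns` module (`type: 'dns@oauth3.org'`, `token_id`) that the surrounding text does not explain. On the new restriction sentence: if `udp.forward` is routed by port in the same way as `tcp.forward`, name it there too.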