Tunnel is a project written in go to create L4 tunnels to your local host automatically.
The tunnelctl create host
command will provision a new server in DigitalOcean and install envoy;
this will be your public proxy and will be configured to forward requests to an internal port.
Once the public host is created, from the local machine you want to expose, running tunneld
will create and maintain
a ssh tunnel to the public host to tunnel the requests from envoy to your local address.
curl -L https://raw.githubusercontent.com/costap/tunnel/master/scripts/install.sh | sudo bash -
The below example will proxy ports 443 and 6443 from the public host to local addresses 127.0.0.1:443 and 127.0.0.1:6443.
- setup a config file in
~/.tunnelctl.yaml
likeconfigs/tunnelctl.yaml
with your DigitalOcean API token - create ssh keys pair if you don't have one
tunnelctl keys create -p ~/.ssh -n id_rsa_tunnel
- create public host in DO
tunnelctl hosts create -p ~/.ssh --sshName id_rsa_tunnel --proxy 443:10443 --proxy 6443:16443 --name tunnel-proxy
take note of new host external IP and replace below
- start the tunnels on your local machine
nohup tunneld -c ~/.ssh/id_rsa_tunnel \
--sshServer root@<NEWHOSTIP> \
--localAddr 127.0.0.1:443 \
--remoteAddr 0.0.0.0:10443 \
--adminPort 8080 > /dev/null 2>&1 &
nohup tunneld -c ~/.ssh/id_rsa_tunnel \
--sshServer root@<NEWHOSTIP> \
--localAddr 127.0.0.1:6443 \
--remoteAddr 0.0.0.0:16443 \
--adminPort 8081 > /dev/null 2>&1 &
- Check tunnels are ok
$ curl http://localhost:8080/health
{ "started": true }
$ curl http://localhost:8081/health
{ "started": true }
- Check external endpoints
$ curl https://<NEWHOSTIP>/ -k
$ curl https://<NEWHOSTIP>:6443/ -k
- Enjoy!
To build the project locally simply run make
.