erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

[Feature Request] Server listen on Unix socket #201

Open vercas opened 4 months ago

vercas commented 4 months ago

Specifically for cases where the wstunnel server is behind a reverse proxy, it would be useful to have the ability to listen on a Unix domain socket instead of having to use an IP address and port.
This would only be useful with non-secure ws, e.g. unix:///absolute/path/to/unix/socket or unix://relative/path/to/socket.
Unix domain sockets are subject to filesystem security models and mount namespaces, making them easier to restrict access to than traditional IP/port network endpoints, especially when you have Docker installed on the same system.
A command-line option for specifying the mode of the created socket would be handy too.

erebe commented 4 months ago

Hello,

Would you mind explaining how this facilitates the setup with a Docker container? If I am not mistaken, you can create a network namespace that you can share across multiple containers.

vercas commented 4 months ago

It's for situations where you can't/won't put wstunnel and nginx in the same network namespace.
A common example is a bastion host - you want the reverse proxy container to only have access to a public facing network, while wstunnel containers would only have access to an internal network.

pavel-orlov commented 4 months ago

I'd also like to have something similar to the ssh alternative below.
ssh -N -f -R /tmp/zp3ft5fmps6bd4gep7iv:127.0.0.1:80 user@host

ha-ku commented 4 months ago

This would also help in scenarios like chained proxies, where forwarding via unix sockets seems to have better performance than local network loopbacks.

erebe commented 4 months ago

Hello,

Would you mind trying this pre-release https://github.com/erebe/wstunnel/releases/tag/v9.1.0 and let me know if it works for you? You should be able to start wstunnel client and specify something like -L unix:///tmp//wstunnel.sock:127.0.0.1:80

Regarding wstunnel server supporting receiving packets from a unix socket, I am not sure whether I am going to do it, as it will require a bit too much code change for my taste to support it, and I am not sure if there is a real need for it. Will check and let you know.

P.S.: I still need to support unix datagram sockets, but as with everything related to UDP, it is a pain to implement.

pavel-orlov commented 4 months ago

Hello @erebe

Thank you for adding Unix socket support. That works for me with reverse connection. I noticed it does not delete the socket file when the connection is finished and is unable to reuse the file again, so when you try -R unix:///tmp//wstunnel.sock:127.0.0.1:80 again, the server rejects the connection.

erebe commented 3 months ago

Indeed, thanks for reporting, I have made the fix :see_no_evil: https://github.com/erebe/wstunnel/commit/b7dbd864c42eb9619507521041eff16d48dfe16a

and have re-created the release 9.2.0, so if you re-download it, it should be good now.
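
Added example (not wstunnel's code and not part of any comment above): a Rust sketch of the two socket-file concerns raised in this thread, an explicit mode on the created socket and reclaiming a stale socket file left by an earlier run. The names `bind_restricted`, `OwnedUnixListener` and `socket_mode` and the sample path are hypothetical.

```rust
use std::fs;
use std::io::{self, ErrorKind};
use std::os::unix::fs::{FileTypeExt, PermissionsExt};
use std::os::unix::net::{UnixListener, UnixStream};
use std::path::{Path, PathBuf};

/// Listener that owns its socket file and unlinks it on drop (hypothetical type).
pub struct OwnedUnixListener {
    pub listener: UnixListener,
    path: PathBuf,
}

/// Bind `path` with permission bits `mode`, reclaiming a stale socket file.
pub fn bind_restricted(path: &Path, mode: u32) -> io::Result<OwnedUnixListener> {
    match fs::symlink_metadata(path) {
        Ok(meta) if meta.file_type().is_socket() => {
            // A socket file already exists: is anything still accepting on it?
            match UnixStream::connect(path) {
                Ok(_) => return Err(io::Error::new(ErrorKind::AddrInUse, "socket is live")),
                Err(e) if e.kind() == ErrorKind::ConnectionRefused => fs::remove_file(path)?,
                Err(e) => return Err(e),
            }
        }
        // Never unlink something that is not a socket (regular file, symlink, ...).
        Ok(_) => return Err(io::Error::new(ErrorKind::AlreadyExists, "path is not a socket")),
        Err(e) if e.kind() == ErrorKind::NotFound => {}
        Err(e) => return Err(e),
    }
    let listener = UnixListener::bind(path)?;
    // Until this chmod the file has umask-derived bits; keep the parent directory private.
    fs::set_permissions(path, fs::Permissions::from_mode(mode))?;
    Ok(OwnedUnixListener { listener, path: path.to_path_buf() })
}

impl Drop for OwnedUnixListener {
    fn drop(&mut self) { let _ = fs::remove_file(&self.path); }
}

/// Permission bits currently set on `path`.
pub fn socket_mode(path: &Path) -> io::Result<u32> {
    Ok(fs::symlink_metadata(path)?.permissions().mode() & 0o777)
}

fn main() -> io::Result<()> {
    let path = std::env::temp_dir().join("example-wstunnel.sock"); // constructed path
    let _l = bind_restricted(&path, 0o660)?; // file is unlinked when _l is dropped
    println!("listening on {:?}, mode {:o}", path, socket_mode(&path)?);
    Ok(())
}
```

With mode 0o660 only the owner and the socket's group (for instance the group the reverse proxy runs as) can connect; the liveness probe keeps a second instance from unlinking a socket that is still in use.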