Support `--listen` for `tsh proxy` commands

gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.

https://goteleport.com

GNU Affero General Public License v3.0

17.48k stars 1.75k forks source link

Support `--listen` for `tsh proxy` commands #40509

Open greedy52 opened 6 months ago

greedy52 commented 6 months ago

What would you like Teleport to do? Ability to specify the listener address for the local proxies hosted by tsh proxy commands. (Maybe limit to local addresses only)

What problem does this solve?

Currently tsh local proxies only listen on localhost or 127.0.0.1. Often applications are launched in docker containers so they cannot access these local proxies.

If a workaround exists, please include it. socat ?

greedy52 commented 5 months ago

There are internal discussions to use a unix socket unix:/ which is a more secure option. Socket files can be shared locally to docker containers if needed.

Apparently Machine ID already has this option:

https://github.com/gravitational/teleport/pull/40992