Fr0sT-Brutal
commented
5 years ago You can try tunneling (https://github.com/square/ghostunnel, stunnel)
Open drf5n opened 5 years ago
Fr0sT-Brutal
commented
5 years ago You can try tunneling (https://github.com/square/ghostunnel, stunnel)
Antonius-S
commented
5 years ago Wrote an elementary TCP=>TLS tunnel, currently config is hardcoded in sources. NodeJS 10+. Just save as index.js, launch node index.js and make your client connect to localhost:8443 instead of cddis-caster.gsfc.nasa.gov:443.
// TCP=>TLS tunnel
// (c) Antonius S. Hart
'use strict';
const net = require('net');
const tls = require('tls');
const config =
{
listenPort: '8443',
destHost: 'cddis-caster.gsfc.nasa.gov',
destPort: '443'
};
const incomingSrv = net.createServer();
incomingSrv.connID = 1;
incomingSrv.on('connection', incomingSrv_onConnection);
incomingSrv.listen(config.listenPort, () => console.log('~ Listening to', incomingSrv.address().port));
function incomingSrv_onConnection(inSocket)
{
console.log(`~ Connection #${this.connID} accepted on port`, this.address().port);
inSocket.connID = this.connID;
this.connID++;
// connect to dest host as ordinary socket
const outSock = new net.Socket();
outSock.on('close', () => console.log(`~ Tunnel #${inSocket.connID} closed`));
outSock.on('error', (err) => console.log(`~ Tunnel #${inSocket.connID} error: ${err}`));
console.log(`~ Connecting to dest ${config.destHost}:${config.destPort}`);
outSock.connect(config.destPort, config.destHost,
function ()
{
console.log(`~ Connected to dest ${outSock.remoteAddress}`);
// if connect succeeded, create TLS socket
const outTLSSock = new tls.TLSSocket(this);
// and pipe incoming socket to TLS one
inSocket.pipe(outTLSSock);
outTLSSock.pipe(inSocket);
console.log(`~ Tunnel #${inSocket.connID} ready`);
});
inSocket.on('close', () => console.log(`~ Connection #${inSocket.connID} closed`));
inSocket.on('error', (err) => console.log(`~ Connection #${inSocket.connID} error: ${err}`));
}
umeat
commented
2 years ago In Australia, AUSCORS will now only support NTRIP over TLS. Is there any plan for implementing support for TLS in RTKLIB?
umeat
commented
2 years ago In addition to the above comment, I have found Nginx quite straight forward for this kind of TLS tunnelling. Here's an example config which will expose the new AUSCORS caster on localhost port 2101:
events {}
http {
server {
listen 2101;
server_name localhost;
location / {
proxy_pass https://ntrip.data.gnss.ga.gov.au:443;
}
}
}So I can connect an NTRIP client to localhost:2101 instead of ntrip.data.gnss.ga.gov.au:443.
Antonius-S
commented
2 years ago https://github.com/Antonius-S/Node_TLS-Tunnel - TCP=>TLS Proxy server using HTTP CONNECT method
lachlan-ng
commented
1 year ago Thanks all for the workarounds!
Adding to the NGINX solution, turning proxy_buffering off will allow RTKLIB to access the streamed RTCM messages as they are received, instead of waiting to fill up the buffer. This is particularly relevant when connecting to SSR mountpoints, since SSR RTCM messages are much smaller than those used for RTK.
So the nginx.conf will look something like this for the AUSCORS NTRIP caster:
events {}
http {
server {
listen 2101;
server_name localhost;
location / {
proxy_pass https://ntrip.data.gnss.ga.gov.au:443;
proxy_buffering off;
}
}
}
When I try to use srctblbrows.exe to get the stream list from the cddis-caster.gsfc.nasa.gov:443 server I get a 'disconnected' in the status line.
Per https://cddis.nasa.gov/Data_and_Derived_Products/Caster_client_config.html their server only supports HTTPS/SSL and I do not see a method to tell RTKLIB about their certificate or to tell the srctblbrows.exe to use a certificate, username, and password.
Does RTKLIB not work with SSL, only plain text on port 80 or 2101 or whatever?
Is there a workaround using the BKG client with RTKLIB?