[Help/Question] How can we make client as a proxy in reverse proxy tunnel ? #553
Comments
|
The entrypoint in tunnel handler is a normal HTTP reverse proxy service (not an HTTP proxy), used as a convenient way to access web services, and only accepts normal HTTP requests. For non-HTTP traffic, a separate TCP (or UDP) entrypoint needs to be run. services:
- name: entrypoint
addr: :8000
handler:
type: tcp
chain: chain-0
listener:
type: tcp
forwarder:
nodes:
- name: target-0
addr: example.com
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
addr: :8443
connector:
type: tunnel
metadata:
tunnel.id: 4d21094e-b74c-4916-86c1-d9fa36ea677b
dialer:
type: tcp |
|
@ginuerzh |
|
Do you want to expose the internal proxy service and access other services through the proxy? As mentioned above, you need to run a TCP entrypoint and map it to the internal proxy server. For example Client sideProxy server that need to be exposedTunnel clientgost -L rtcp://:0/:8080 -F tunnel://[server_ip]:8443?tunnel.id=4d21094e-b74c-4916-86c1-d9fa36ea677bservices:
- name: service-0
addr: :0
handler:
type: rtcp
listener:
type: rtcp
chain: chain-0
forwarder:
nodes:
- name: target-0
addr: :8080
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
addr: [server_ip]:8443
connector:
type: tunnel
metadata:
tunnel.id: 4d21094e-b74c-4916-86c1-d9fa36ea677b
dialer:
type: tcpServer sideTunnel servicegost -L tunnel://:8443?tunnel=proxy:4d21094e-b74c-4916-86c1-d9fa36ea677bservices:
- name: service-0
addr: :8443
handler:
type: tunnel
metadata:
ingress: ingress-0
listener:
type: tcp
ingresses:
- name: ingress-0
rules:
- hostname: "proxy"
endpoint: 4d21094e-b74c-4916-86c1-d9fa36ea677bTCP entrypointgost -L tcp://:8000/proxy -F tunnel://:8443?tunnel.id=4d21094e-b74c-4916-86c1-d9fa36ea677bservices:
- name: entrypoint
addr: :8000
handler:
type: tcp
chain: chain-0
listener:
type: tcp
forwarder:
nodes:
- name: target-0
addr: proxy
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
addr: :8443
connector:
type: tunnel
metadata:
tunnel.id: 4d21094e-b74c-4916-86c1-d9fa36ea677b
dialer:
type: tcpNOTE: the hostname in the ingress rule is a virtual host, it is used for tunnel routing. Then you can use the entrypoint as a proxy to access other services: curl --socks5-hostname server_ip:8000 https://ipinfo.io |
|
@ginuerzh |
As the docs(https://gost.run/tutorials/reverse-proxy-tunnel/) say, the test config as follows:
client side :
log: level: debug services: - name: service-0 addr: :0 handler: type: rtcp listener: type: rtcp chain: chain-0 chains: - name: chain-0 hops: - name: hop-0 nodes: - name: node-0 addr: [server_ip]:8443 connector: type: tunnel metadata: tunnel.id: 4d21094e-b74c-4916-86c1-d9fa36ea677b tunnel.weight: 1 dialer: type: tcpserver side :
services: - name: service-0 addr: :8443 handler: type: tunnel metadata: entrypoint: "127.0.0.1:10086" ingress: ingress-0 listener: type: tcp ingresses: - name: ingress-0 rules: - hostname: "example.com" endpoint: 4d21094e-b74c-4916-86c1-d9fa36ea677bWell, after starting them in each node, we can visit http://ipinfo.io by curl -x server_ip:10086 http://example.com, but https failed with TLS shakehand error. After some investigations, found that entrypoint hanler don't handle connect method expect one case:
some questions:
1 What should we do to make the request from curl as a relay request?
2 Now the entrypoint handler only support HTTP proxy request, could we create a auto type handler(support socks and http) forward the request to entrypoint handler?
In one word, how can we access any websites or applications(TCP or UDP) from server side? Thx.
The text was updated successfully, but these errors were encountered: