Skip to content

Instantly share code, notes, and snippets.

@alexellis

alexellis/INLETS_CLOUD.md Secret

Last active January 19, 2022 09:57
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save alexellis/a14ae80632681bbdf9d14ea3d10bf189 to your computer and use it in GitHub Desktop.
Save alexellis/a14ae80632681bbdf9d14ea3d10bf189 to your computer and use it in GitHub Desktop.
Download ZIP
inlets-cloud demo script and walk-through
Raw
INLETS_CLOUD.md

inlets-cloud demo script and walk-through

This demo script gives a quick overview and walkthrough of features of inlets-cloud using its CLI.

# List tunnels belonging to all users

./inlets-cloud list
TUNNEL       UPSTREAMS      CREATED
alex         [test staging] 2021-12-21 15:52:12 +0000 GMT
blog-preview []             2021-12-19 12:55:49 +0000 GMT
trove        []             2021-07-18 14:07:55 +0100 BST
zero2        []             2021-10-28 12:36:18 +0100 BST

# Create a tunnel for Subhash

./inlets-cloud create subhash
Additional 0 domains: []
Created tunnel subhash. OK.

# Print his connection info, so he can connect a tunnel to the new 
# tunnel server Pod

./inlets-cloud connect --domain exit.o6s.io subhash
# Access your tunnel via: https://subhash.exit.o6s.io

inlets-pro http client \
  --token=r9OFd5AkerDmBMbs1lt1A0CvJwshO4zzemQnK67QquqWVSQViAyoGrsE \
  --url=wss://subhash-tunnel.exit.o6s.io \
  --upstream=http://127.0.0.1:8000 \
  --auto-tls=false

# Run a quick HTTP demo server, we'll use the built-in fileserver
# in inlets for convenience

cd /tmp/test/
cp /etc/os-release ./
inlets-pro fileserver --webroot ./ --allow-browsing --port 8000 &

# Now run the inlets client on his computer, pointing to his local service
# of http://127.0.0.1:8080 - this value can be changed.

inlets-pro http client \
  --token=r9OFd5AkerDmBMbs1lt1A0CvJwshO4zzemQnK67QquqWVSQViAyoGrsE \
  --url=wss://subhash-tunnel.exit.o6s.io \
  --upstream=http://127.0.0.1:8000 \
  --auto-tls=false &

2022/01/14 12:03:18 Starting HTTP client. Version: 0.9.1-dirty - 99e1785a9599ba43e149edc748c47319a325f9c9
2022/01/14 12:03:18 Licensed to: alex <alex@openfaas.com>, expires: 58 day(s)
2022/01/14 12:03:18 Upstream:  => http://127.0.0.1:8000
INFO[2022/01/14 12:03:18] Connecting to proxy                           url="wss://subhash-tunnel.exit.o6s.io/connect"
INFO[2022/01/14 12:03:19] Connection established                        client_id=b52115797d9a4678aaad203ef0b6144f

# Access your tunnel via: https://subhash.exit.o6s.io

# It worked!
curl -s https://subhash.exit.o6s.io/os-release | head -n2 

NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"

# Now he committed his token in error to GitHub, so we have to rotate the token (reset it)

./inlets-cloud rotate subhash

# Look, the leaked token is now invalid:

2022/01/14 12:04:46 Starting HTTP client. Version: 0.9.1-dirty - 99e1785a9599ba43e149edc748c47319a325f9c9
2022/01/14 12:04:46 Licensed to: alex <alex@openfaas.com>, expires: 58 day(s)
2022/01/14 12:04:46 Upstream:  => http://127.0.0.1:8000
INFO[2022/01/14 12:04:46] Connecting to proxy                           url="wss://subhash-tunnel.exit.o6s.io/connect"
ERRO[2022/01/14 12:04:46] Failed to connect to proxy. Response status: 401 - 401 Unauthorized. Response body: failed authentication  error="websocket: bad handshake"
ERRO[2022/01/14 12:04:46] Remotedialer proxy error                      error="websocket: bad handshake"

# What if we want two domains for one tunnel server?
# We are developing a UI dashboard and OpenFaaS together.

./inlets-cloud create openfaas-pro --upstream dashboard --upstream gateway
Additional 2 domains: [dashboard gateway]
Created tunnel openfaas-pro. OK.

# Now get the connection string

# Access your tunnel via: https://dashboard.exit.o6s.io
# Access your tunnel via: https://gateway.exit.o6s.io

inlets-pro http client \
  --token=tynWfR6o9AHLLugjWtkyYIV85ibfn4NAmY3XCrF3UNfXaAHWcpkkhj2p \
  --url=wss://openfaas-pro-tunnel.exit.o6s.io \
  --upstream=dashboard.exit.o6s.io=http://127.0.0.1:8080 \
  --upstream=gateway.exit.o6s.io=http://127.0.0.1:8080 \
  --auto-tls=false
  
Change 127.0.0.1:8080 to whatever port you are using

# Want to generate a systemd unit file to keep the tunnels up?

Just add "--generate=systemd" to the "inlets-pro http client" command

[Unit]
Description=inlets PRO HTTP Client
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=5
StartLimitInterval=0
ExecStart=/usr/local/bin/inlets-pro http client --url="wss://openfaas-pro-tunnel.exit.o6s.io" --upstream="dashboard.exit.o6s.io=http://127.0.0.1:8080" --upstream="gateway.exit.o6s.io=http://127.0.0.1:8080" --auto-tls=false --license-file=$HOME/.inlets/LICENSE --token="tynWfR6o9AHLLugjWtkyYIV85ibfn4NAmY3XCrF3UNfXaAHWcpkkhj2p"

[Install]
WantedBy=multi-user.target

# Now let's rotate that token, because we've inadvertently leaked it through this demo

./inlets-cloud rotate openfaas-pro
A new token will be generated for tunnel: openfaas-pro
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment