Skip to content

Instantly share code, notes, and snippets.

@alexellis

alexellis/faasd-tunnel.md Secret

Last active Feb 25, 2021
Embed
What would you like to do?
Your quest - establish a secure tunnel with a custom domain

Your quest - establish a secure tunnel with a custom domain

Task: set up a VM with a public IP, install inlets PRO and then connect a client to it, so that you have a secure HTTP tunnel for a HTTP service or server on your private network.

Reward: You'll get listed in this file and bragging rights. You can also get 10% off a personal license after you're done and Tweeted a screenshot.

Why? Understand how easy it can be to set up a self-hosted tunnel. Help the inlets community with feedback for the new RC and features.

Who's tried it so far?

Overview

  • Create a VM with a public IP, install inlets PRO server and start it
  • Create a DNS record for your subdomain
  • Launch a local HTTP server or faasd on your computer, in a multipass VM or on your Raspberry Pi
  • Install the inlets PRO client there and start it

Conceptual

Conceptual diagram with a Node.js microservice on port 3000

Access your private HTTP server or faasd instance via the domain using HTTPS.

What do you need?

You need a HTTP server - faasd makes a good candidate here, or the built-in HTTP server in inlets PRO for sharing files, similar to Python's SimpleHTTPServer.

The faasd instance could be on your Raspberry Pi, or running in multipass.

If you don't want to setup faasd, you can use the built-in filesharing server in inlest PRO instead:

mkdir /tmp/files/
uname -a > /tmp/files/uname
inlets-pro http fileserver \
 --port 8080
 --webroot /tmp/files/

Steps

  • Create a VM somewhere on GCP or DigitalOcean, make sure that you can SSH into it.

  • Configure the security group or firewall, if it's not already open - allow TCP/8123 (inlets control plane) and TCP/80 (Let's Encrypt ACME HTTP01 challenge) and TCP/443 (to serve traffic from the tunnel)

  • Install the inlets PRO RC on your new VM at /usr/local/bin/

  • Then create a DNS A record for faasd.example.com with the IP

  • Get a token for logging in

export TOKEN=$(head -c 16 /dev/urandom | shasum | cut -d" " -f1)
  • Then run
# Populate from previous step
export TOKEN=""

export PUBLIC_IP_OF_SERVER=""

inlets-pro http server \
  --letsencrypt-domain faasd.example.com \
  --letsencrypt-email you@example.com \
  --letsencrypt-issuer prod \
  --token $TOKEN \
  --auto-tls \
  --tls-san $PUBLIC_IP_OF_SERVER

This is the client part of the tunnel. Run it next to your local HTTP server, so on your faasd multipass instance or Raspberry Pi.

The binary for Raspberry Pi has a suffix of -armhf on the downloads page.

# Save the 7-day trial license for the inlets PRO client

echo "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiaW5sZXRzIFJDIHRyaWFsIiwiZW1haWxfYWRkcmVzcyI6ImNvbnRhY3RAb3BlbmZhYXMuY29tIiwicHJvZHVjdHMiOlsiaW5sZXRzLXBybyJdLCJhdWQiOiJqd3QtbGljZW5zZSIsImV4cCI6MTYxMzIxNjI4MiwianRpIjoiODA4MSIsImlhdCI6MTYxMjYxMTQ4MiwiaXNzIjoiand0LWxpY2Vuc2UiLCJzdWIiOiJpbmxldHMgUkMgdHJpYWwifQ.dXYMO6guxldF5aQwJFNSW01EDhRxdP2kjoEnZi0hnwL53xAAiWqWtqsCNBz0cLfQtNUROKCbUBL5y8vj8AQJXA" > LICENSE.txt

# Populate from previous step
export TOKEN=""

export PUBLIC_IP_OF_SERVER=""
inlets-pro http client \
  --url wss://$PUBLIC_IP_OF_SERVER:8123 \
  --token $TOKEN \
  --license-file ./LICENSE.txt \
  --upstream http://127.0.0.1:8080

Now access your service at https://faasd.example.com

What next?

Send a tweet or screenshot to show it worked -> to @alexellisuk or @inletsdev

Did you like the experience? Could this tool be useful to you?

If you connected faasd, why not disconnect and try connecting the fileserver instead? Next time you need to download a big file or share something with a friend of colleague, you'll have a way to do that without third-parties.

Want to know what else it can do?

The first 10 people to try out the gist and to tweet will get 10% off the cost of an inlets PRO license. The personal license can be used at home and at work.

Docker and Kubernetes

You can run the client and server component on Kubernetes

The Docker image is available at ghcr.io/inlets/inlets-pro:0.8.0-rc4-dirty

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment