Skip to content

Instantly share code, notes, and snippets.

@webvictim
Last active June 27, 2022 22:30
Show Gist options
  • Save webvictim/35d03b2af84ea60f99dd974ea50c12c4 to your computer and use it in GitHub Desktop.
Save webvictim/35d03b2af84ea60f99dd974ea50c12c4 to your computer and use it in GitHub Desktop.
Script for automatically discovering Teleport trusted cluster web/tunnel addresses
#!/bin/bash
if [[ "$1" == "" ]]; then
echo "Usage: $(basename $0) <proxy hostname>"
exit 1
fi
PROXY=$1
if ! type curl >/dev/null 2>&1; then
echo "curl must be installed"
exit 2
fi
if ! type jq >/dev/null 2>&1; then
echo "jq must be installed"
exit 3
fi
if [[ "${PROXY}" =~ "http" ]]; then
PROXY=$(echo ${PROXY} | cut -d/ -f3)
fi
if ! curl -m3 -s https://${PROXY}/webapi/ping >/dev/null 2>&1; then
echo "Error: looks like there's no Teleport cluster at ${PROXY} - check your connectivity"
exit 4
fi
WEB_ADDR=$(curl -m5 -s https://${PROXY}/webapi/ping | jq -r .proxy.ssh.public_addr)
TUNNEL_ADDR=$(curl -m5 -s https://${PROXY}/webapi/ping | jq -r .proxy.ssh.ssh_tunnel_public_addr)
TLS_ROUTING=$(curl -m5 -s https://${PROXY}/webapi/ping | jq -r .proxy.tls_routing_enabled)
# web addr
if [[ "${WEB_ADDR}" == "null" ]]; then
WEB_ADDR=${PROXY}
fi
# tunnel addr
if [[ "${TUNNEL_ADDR}" == "null" ]]; then
TUNNEL_LISTEN_PORT=$(curl -m5 -s https://${PROXY}/webapi/ping | jq -r .proxy.tunnel_listen_addr | cut -d: -f2)
if [[ "${TUNNEL_LISTEN_PORT}" == "null" ]]; then
if [[ "${TLS_ROUTING}" == "true" ]]; then
TUNNEL_ADDR="${PROXY}:443"
else
TUNNEL_ADDR="${PROXY}:3024"
fi
else
TUNNEL_ADDR="${PROXY}:${TUNNEL_LISTEN_PORT}"
fi
fi
echo "tunnel_addr: ${TUNNEL_ADDR}"
echo "web_proxy_addr: ${WEB_ADDR}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment