Proxy endpoint with path enhancement #146

Open
wants to merge 5 commits into
base: main
4 changes: 4 additions & 0 deletions src/LocalproxyConfig.h
Expand Up @@ -71,6 +71,10 @@ namespace aws {
* The tunnel access token which the user gets when they open the tunnel.
*/
std::string access_token { };
/**
* The reverse proxy tunnel endpoint path.
*/
std::string url_path { };
can you add details about this in readme?

proxy_mode mode{ proxy_mode::UNKNOWN };
/**
* A unique client-token to ensure only the agent which generated the token may connect to a tunnel
Expand Down
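Review bot: The doc comment on the new `url_path` member says only "endpoint path" and leaves out the form the value must have, yet TcpAdapterProxy.cpp in this same PR formats it verbatim as the request-target prefix directly ahead of `?mode=`. I would replace the comment with `/** Absolute path of the reverse-proxy tunnel endpoint, beginning with '/' and carrying no query string; the proxy-mode query parameter is appended by the web socket handshake code. Set from --endpoint-path by process_cli. */`. The default of `/tunnel` lives only in the CLI option definition, so a config populated by any other route leaves this empty; the comment should also say what the handshake code expects in that case once that is decided. The enclosing struct starts and ends outside the hunk.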
12 changes: 6 additions & 6 deletions src/TcpAdapterProxy.cpp
Expand Up @@ -111,7 +111,7 @@ namespace aws { namespace iot { namespace securedtunneling {
{
std::ostringstream request_stream;
request_stream << request;
std::string unfiltered_request_string = request_stream.str();
std::string unfiltered_request_string = request_stream.str();
std::tuple<std::size_t, std::size_t> token_filter_range = get_access_token_range(unfiltered_request_string);
return (boost::format("%1%***ACCESS_TOKEN_REMOVED***%2%") %
unfiltered_request_string.substr(0, std::get<0>(token_filter_range)) %
Expand Down Expand Up @@ -803,13 +803,13 @@ namespace aws { namespace iot { namespace securedtunneling {
}
tac.wss = std::make_shared<WebSocketStream>(tac.adapter_config, &log, tac.io_ctx);
tac.wss->control_callback(std::bind(&tcp_adapter_proxy::handle_web_socket_control_message, this, std::ref(tac), std::placeholders::_1, std::placeholders::_2));

static std::string user_agent_string = (boost::format("localproxy %1% %2%-bit/boost-%3%.%4%.%5%/openssl-%6%.%7%.%8%/protobuf-%9%")
% BOOST_PLATFORM % (sizeof(void*)*8)
% (BOOST_VERSION / 100000) % ((BOOST_VERSION / 100) % 1000) % (BOOST_VERSION % 100)
% (OPENSSL_VERSION_NUMBER >> 28) % ((OPENSSL_VERSION_NUMBER >> 20) & 0xF) % ((OPENSSL_VERSION_NUMBER >> 12) & 0xF)
% google::protobuf::internal::VersionString(GOOGLE_PROTOBUF_VERSION) ).str();

//the actual work of this function starts here
BOOST_LOG_SEV(log, info) << "Attempting to establish web socket connection with endpoint wss://" << tac.adapter_config.proxy_host << ":" << tac.adapter_config.proxy_port;

Expand Down Expand Up @@ -901,7 +901,7 @@ namespace aws { namespace iot { namespace securedtunneling {
//next do web socket upgrade - add two custom headers

tac.wss->async_handshake_ex(tac.wss_response, tac.adapter_config.proxy_host.c_str(),
(boost::format("/tunnel?%1%=%2%")%PROXY_MODE_QUERY_PARAM % get_proxy_mode_string(tac.adapter_config.mode)).str(),
(boost::format("%1%?%2%=%3%")% tac.adapter_config.url_path.c_str() %PROXY_MODE_QUERY_PARAM % get_proxy_mode_string(tac.adapter_config.mode)).str(),
[&](boost::beast::websocket::request_type &request)
{
request.set(boost::beast::http::field::sec_websocket_protocol, GET_SETTING(settings, WEB_SOCKET_SUBPROTOCOL));
Expand Down Expand Up @@ -1910,7 +1910,7 @@ namespace aws { namespace iot { namespace securedtunneling {
std::uint16_t port_to_connect = boost::lexical_cast<std::uint16_t>(src_port);
BOOST_LOG_SEV(log, debug) << "Port to connect " << port_to_connect;
server->resolver_.async_resolve(tac.bind_address_actual, src_port,
boost::asio::ip::resolver_base::passive,
boost::asio::ip::resolver_base::passive,
[=, &tac](boost::system::error_code const &ec, tcp::resolver::results_type results)
{
if (ec)
Expand Down Expand Up @@ -2072,7 +2072,7 @@ namespace aws { namespace iot { namespace securedtunneling {
void tcp_adapter_proxy::async_setup_dest_tcp_socket(tcp_adapter_context &tac, string const & service_id, uint32_t const & connection_id, bool is_first_connection)
{
BOOST_LOG_SEV(log, trace) << "Setup destination tcp socket for service id" << service_id;
std::shared_ptr<basic_retry_config> retry_config =
std::shared_ptr<basic_retry_config> retry_config =
std::make_shared<basic_retry_config>(tac.io_ctx,
GET_SETTING(settings, TCP_CONNECTION_RETRY_COUNT),
GET_SETTING(settings, TCP_CONNECTION_RETRY_DELAY_MS),
Expand Down
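Review bot: In the @@ -901 hunk the new handshake target line passes `tac.adapter_config.url_path.c_str()` to `boost::format`, but the formatter accepts the `std::string` directly, and going through `c_str()` silently truncates at any embedded NUL; drop it: `(boost::format("%1%?%2%=%3%") % tac.adapter_config.url_path % PROXY_MODE_QUERY_PARAM % get_proxy_mode_string(tac.adapter_config.mode)).str(),`. Nothing in this function guards the case where `url_path` is empty or lacks a leading '/', which would yield a request target such as `?mode=...` that the server will reject, so either validate at the point the config is filled or fall back to the previous literal here, e.g. `std::string const &path = tac.adapter_config.url_path.empty() ? std::string("/tunnel") : tac.adapter_config.url_path;` before the call. The connection-attempt log line in the @@ -803 hunk still prints only `wss://host:port`; appending `<< tac.adapter_config.url_path` there would make a mis-typed path visible in the log when the handshake fails. The @@ -111, @@ -1910 and @@ -2072 hunks appear to be whitespace-only changes; the enclosing functions of every hunk start and end outside the diff.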
4 changes: 3 additions & 1 deletion src/main.cpp
Expand Up @@ -161,6 +161,7 @@ bool process_cli(int argc, char ** argv, LocalproxyConfig &cfg, ptree &settings,
("access-token,t", value<string>()->required(), "Client access token")
("client-token,i", value<string>(), "Optional Client Token")
("proxy-endpoint,e", value<string>(), "Endpoint of proxy server with port (if not default 443). Example: data.tunneling.iot.us-east-1.amazonaws.com:443")
("endpoint-path,p", value<string>()->default_value("/tunnel"), "Endpoint path of proxy server if need extra path. Example: reverse-proxy.domain.com/aws-data-service/tunnel, so you connect with -e reverse-proxy.domain.com -p /aws-data-service/tunnel")
please set the endpoint default value in an global variable in header file and set it as default over there. It would be easier to maintain it that way. Also add about this default endpoint value in readme.

("region,r", value<string>(), "Endpoint region where tunnel exists. Mutually exclusive flag with --proxy-endpoint")
("source-listen-port,s", value<string>(), "Sets the mappings between source listening ports and service identifier. Example: SSH1=5555 or 5555")
("destination-app,d", value<string>(), "Sets the mappings between the endpoint(address:port/port) and service identifier. Example: SSH1=127.0.0.1:22 or 22")
Expand Down Expand Up @@ -200,7 +201,7 @@ bool process_cli(int argc, char ** argv, LocalproxyConfig &cfg, ptree &settings,
store(parse_config_file(vm["config"].as<string>().c_str(), cliargs_desc), vm);
}
//either way, parse from environment
store(parse_environment(cliargs_desc,
store(parse_environment(cliargs_desc,
[](std::string name) -> std::string
{
if (name == ACCESS_TOKEN_ENV_VARIABLE)
Expand Down Expand Up @@ -234,6 +235,7 @@ bool process_cli(int argc, char ** argv, LocalproxyConfig &cfg, ptree &settings,
BOOST_LOG_TRIVIAL(warning) << "Found access token supplied via CLI arg. Consider using environment variable " << ACCESS_TOKEN_ENV_VARIABLE << " instead";
}
cfg.access_token = vm["access-token"].as<string>();
cfg.url_path = vm["endpoint-path"].as<string>();

if (vm.count("client-token") != 0)
{
Expand Down
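Review bot: The assignment `cfg.url_path = vm["endpoint-path"].as<string>();` in the @@ -234 hunk copies the operator-supplied value into the config with no validation, although it becomes the prefix of the HTTP request target in the web socket handshake, so a value without a leading '/', or one already containing a '?', produces a malformed target that only surfaces as a handshake failure much later. Right after that line I would add `if (cfg.url_path.empty() || cfg.url_path.front() != '/' || cfg.url_path.find('?') != string::npos) { BOOST_LOG_TRIVIAL(fatal) << "--endpoint-path must be an absolute path starting with '/' and must not contain a query string"; return false; }`, using whatever failure path process_cli already takes for invalid options if it is not a plain `return false` (the rest of the function is outside the hunk). Because the option in the @@ -161 hunk carries `default_value("/tunnel")`, the `as<string>()` call cannot throw for a missing option, which is worth a one-line comment on the assignment since the neighbouring options are all guarded with `vm.count(...)`. I cannot see the rest of `cliargs_desc`, so please also confirm the new short flag `-p` is not already bound to another option.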