Cleaning code; adding comments
zacharylott94 committed Apr 7, 2024
1 parent 1a03736 commit 590e32b
Showing 6 changed files with 32 additions and 40 deletions.
3 changes: 1 addition & 2 deletions Makefile
Expand Up @@ -19,6 +19,5 @@ link-macos:
docker run -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" -v "$$PWD:/workdir" --rm -it fractalnetworks/gateway-cli:latest $(GATEWAY) $(FQDN) $(EXPOSE)

link-ci:
./ci/create-link-ci.sh gateway-sshd app.example.com nginx:80
./ci/create-link-ci-tcp-udp.sh gateway-sshd app.example.com TCP://8080:nc-server:8080
./ci/create-link-ci.sh gateway-sshd app.example.com nginx:80 && ./ci/create-link-ci-tcp-udp.sh gateway-sshd app.example.com TCP://8080:nc-server:8080

6 changes: 3 additions & 3 deletions src/client-link/entrypoint.sh
Expand Up @@ -83,9 +83,9 @@ else
then
# Just opening both TCP and UDP is the quick and dirty way of ensuring both protocols work
# In the future, specifying a protocol in the docker compose snippet may be necessary
# -- 2024-04-03 Zach
socat TCP4-LISTEN:$CENTER_PORT,fork,reuseaddr TCP4:$SERVICE:$BACK_PORT,reuseaddr,fork &
socat UDP4-LISTEN:$CENTER_PORT,fork,reuseaddr UDP4:$SERVICE:$BACK_PORT,reuseaddr,fork
# -- 2024-04-07 zacharylott94@gmail.com
socat TCP4-LISTEN:$CENTER_PORT,fork,reuseaddr TCP4:$EXPOSE,reuseaddr,fork &
socat UDP4-LISTEN:$CENTER_PORT,fork,reuseaddr UDP4:$EXPOSE,reuseaddr,fork
else
echo "Caddy is disabled. Using socat to forward traffic to app."
socat TCP4-LISTEN:8080,fork,reuseaddr TCP4:$EXPOSE,reuseaddr &
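Review bot: The two new socat lines expand `$CENTER_PORT` and `$EXPOSE` unquoted inside comma-separated socat address strings, so a value containing whitespace is split into extra arguments and a value containing a comma is read by socat as further address options rather than as a plain host:port. Quoting both expansions and checking the shape first, e.g. `[[ "$EXPOSE" =~ ^[A-Za-z0-9._-]+:[0-9]+$ ]] || { echo "unexpected EXPOSE: $EXPOSE" >&2; exit 1; }`, keeps the forwarder from starting against a target it did not intend. That EXPOSE now carries the service:port pair instead of the original TCP://forward:service:back form is inferred from the other files in this commit, not visible in this hunk, and the if/else the lines sit in begins above it.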
35 changes: 17 additions & 18 deletions src/create-link/entrypoint.sh
Expand Up @@ -33,26 +33,26 @@ export LINK_DOMAIN=$2
export EXPOSE=$3
export FORWARD_ONLY="false"

#if EXPOSE has a TCP:// or UDP://, set the appropriate protocol
# Shape of EXPOSE should be TCP://forward_port:service:back_port
# The forward_port is what is exposed from the gateway. It's best to set this to a known
# default port for whatver service you're exposing
# Back port might be best left as a wildcard
# If EXPOSE has a TCP:// or UDP://, set the appropriate protocol.
# The Shape of EXPOSE should be TCP://forward_port:service:back_port.
# FORWARD_PORT is what is exposed from the gateway. It's best to set this to a known
# default port for whatver service you're exposing.
# BACK_PORT is whatever the service container is listening for.
# -- 24/04/07 zacharylott94@gmail.com
decompose_expose_into_parts() {
local COPY_OF_EXPOSE=$1
FORWARD_PROTOCOL=${COPY_OF_EXPOSE%%:*}
export FORWARD_PROTOCOL=$( echo "$FORWARD_PROTOCOL" | tr '[:upper:]' '[:lower:]' ) # make sure our protocol is lowercase
COPY_OF_EXPOSE=${COPY_OF_EXPOSE#*://} #forward.service.back
export FORWARD_PROTOCOL=$( echo "$FORWARD_PROTOCOL" | tr '[:upper:]' '[:lower:]' ) # Make sure the protocol is lowercase
COPY_OF_EXPOSE=${COPY_OF_EXPOSE#*://} # Should have the shape of "forward:service:back"
export FORWARD_PORT=${COPY_OF_EXPOSE%%:*}
export BACK_PORT=${COPY_OF_EXPOSE##*:};
SERVICE=${COPY_OF_EXPOSE#*:}
export SERVICE=${SERVICE%:*};

export BACK_PORT=${COPY_OF_EXPOSE##*:} # Used in the docker-compose snippet
SERVICE=${COPY_OF_EXPOSE#*:}
export SERVICE=${SERVICE%:*} # Used in the docker-compose snippet
}

raw_tcp_udp?() {
shopt -s nocasematch
[[ "$1" =~ udp:// ]] || [[ "$1" =~ tcp:// ]]; return $?;
shopt -s nocasematch # used to ignore case in the following regex checks
[[ "$1" =~ udp:// ]] || [[ "$1" =~ tcp:// ]]; return $?
}

if raw_tcp_udp? $EXPOSE; then
Expand All @@ -77,7 +77,7 @@ GATEWAY_IP=$(getent ahostsv4 "$LINK_DOMAIN" | awk '{print $1; exit}')

LINK_CLIENT_WG_PUBKEY=$(echo $WG_PRIVKEY|wg pubkey)
# LINK_ENV=$(ssh -o StrictHostKeyChecking=accept-new $SSH_HOST -p $SSH_PORT "bash -s" -- < ./remote.sh $CONTAINER_NAME $LINK_CLIENT_WG_PUBKEY > /dev/null 2>&1)
LINK_ENV=$(ssh -o StrictHostKeyChecking=accept-new -o LogLevel=ERROR $SSH_HOST -p $SSH_PORT "bash -s" -- < ./remote.sh $CONTAINER_NAME $LINK_CLIENT_WG_PUBKEY $FORWARD_PORT $FORWARD_PROTOCOL $BACK_PORT)
LINK_ENV=$(ssh -o StrictHostKeyChecking=accept-new -o LogLevel=ERROR $SSH_HOST -p $SSH_PORT "bash -s" -- < ./remote.sh $CONTAINER_NAME $LINK_CLIENT_WG_PUBKEY $FORWARD_PORT $FORWARD_PROTOCOL)

# convert to array
RESULT=($LINK_ENV)
Expand All @@ -99,8 +99,7 @@ else
echo "# docker compose --env-file ./${CONTAINER_NAME}.env ..."

cat link-compose-snippet.yml | envsubst

# TODO add support for WireGuard config output
# Fractal Networks is hiring: jobs@fractalnetworks.co

fi

# TODO add support for WireGuard config output
# Fractal Networks is hiring: jobs@fractalnetworks.co
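Review bot: The new ssh line drops `$BACK_PORT` from the arguments handed to remote.sh, but remote.sh still declares `BACK_PORT=$5` (left as context in that file's first hunk), so that variable is now always empty there; either remove the declaration or keep passing the value. The comments added on the `BACK_PORT` and `SERVICE` exports in `decompose_expose_into_parts` say each is "Used in the docker-compose snippet", yet this same commit removes both keys from link-compose-snippet-tcp-udp.env and .yml, so the comments are stale unless another snippet outside this commit reads them. The new comment on `shopt -s nocasematch` in `raw_tcp_udp?` could also say that the option is never reset and so stays in effect for the rest of the script; alternatively the function could capture the test's status, run `shopt -u nocasematch`, and then return it. The `if raw_tcp_udp? $EXPOSE` block continues below the hunk.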
4 changes: 1 addition & 3 deletions src/create-link/link-compose-snippet-tcp-udp.env
Expand Up @@ -5,6 +5,4 @@ LINK_DOMAIN=${LINK_DOMAIN}
GATEWAY_CLIENT_WG_PRIVKEY=${WG_PRIVKEY}
FORWARD_ONLY=${FORWARD_ONLY}
NEW_FORWARDING_BEHAVIOR: true
BACK_PORT: ${BACK_PORT}
CENTER_PORT: ${CENTER_PORT}
SERVICE: ${SERVICE}
CENTER_PORT: ${CENTER_PORT}
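Review bot: The kept `CENTER_PORT: ${CENTER_PORT}` line uses a colon separator while the lines above it (`GATEWAY_CLIENT_WG_PRIVKEY=${WG_PRIVKEY}`, `FORWARD_ONLY=${FORWARD_ONLY}`) use `=`; if this file is loaded as a dotenv file (the entrypoint in this commit prints a `docker compose --env-file ./${CONTAINER_NAME}.env` hint), a `KEY: value` line is not parsed as an assignment. `NEW_FORWARDING_BEHAVIOR: true` just above has the same shape. Suggested: `CENTER_PORT=${CENTER_PORT}`. How this .env file is actually consumed is not visible in the diff, so confirm before changing.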
2 changes: 0 additions & 2 deletions src/create-link/link-compose-snippet-tcp-udp.yml
Expand Up @@ -14,9 +14,7 @@
# CADDY_TLS_INSECURE: true
FORWARD_ONLY: ${FORWARD_ONLY}
NEW_FORWARDING_BEHAVIOR: true
BACK_PORT: ${BACK_PORT}
CENTER_PORT: ${CENTER_PORT}
SERVICE: ${SERVICE}
restart: unless-stopped
cap_add:
- NET_ADMIN
22 changes: 10 additions & 12 deletions src/create-link/remote.sh
Expand Up @@ -8,19 +8,18 @@ FORWARD_PORT=$3
FORWARD_PROTOCOL=$4
BACK_PORT=$5

# create gateway-link container
CONTAINER_ID=$(docker run --name $CONTAINER_NAME --network gateway -p 18521/udp --cap-add NET_ADMIN --restart unless-stopped -it -e LINK_CLIENT_WG_PUBKEY=$LINK_CLIENT_WG_PUBKEY -d fractalnetworks/gateway-link:latest)
# get randomly assigned WireGuard port
WIREGUARD_PORT=$(docker port $CONTAINER_NAME 18521/udp| head -n 1| sed "s/0\.0\.0\.0://")

docker rm -f $CONTAINER_ID 2>& 1>NUL
get_random_port() {
# create gateway-link container
CONTAINER_ID=$(docker run --name $CONTAINER_NAME --network gateway -p 18521/udp --cap-add NET_ADMIN --restart unless-stopped -it -e LINK_CLIENT_WG_PUBKEY=$LINK_CLIENT_WG_PUBKEY -d fractalnetworks/gateway-link:latest)
# get randomly assigned WireGuard port
echo $(docker port $CONTAINER_NAME 18521/udp| head -n 1| sed "s/0\.0\.0\.0://")

# grab an extra random port for TCP/UDP
# create gateway-link container
CONTAINER_ID=$(docker run --name $CONTAINER_NAME --network gateway -p 18521/udp --cap-add NET_ADMIN --restart unless-stopped -it -e LINK_CLIENT_WG_PUBKEY=$LINK_CLIENT_WG_PUBKEY -d fractalnetworks/gateway-link:latest)
CENTER_PORT=$(docker port $CONTAINER_NAME 18521/udp| head -n 1| sed "s/0\.0\.0\.0://")
docker rm -f $CONTAINER_ID 2>& 1>NUL
}

docker rm -f $CONTAINER_ID 2>& 1>NUL
WIREGUARD_PORT="$(get_random_port)"
CENTER_PORT="$(get_random_port)"

# create gateway-link container
if [ -n "$FORWARD_PORT" ] && [ -n "$FORWARD_PROTOCOL" ]
Expand All @@ -31,7 +30,6 @@ else
fi
# get gateway-link WireGuard pubkey
GATEWAY_LINK_WG_PUBKEY=$(docker exec $CONTAINER_NAME bash -c 'cat /etc/wireguard/link0.key |wg pubkey')
# get randomly assigned WireGuard port
#WIREGUARD_PORT=$(docker port $CONTAINER_NAME 18521/udp| head -n 1| sed "s/0\.0\.0\.0://")


echo "$GATEWAY_LINK_WG_PUBKEY $WIREGUARD_PORT $CENTER_PORT"
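Review bot: Inside `get_random_port` the cleanup `docker rm -f $CONTAINER_ID 2>& 1>NUL` points stderr at the function's stdout (the `2>&1` is applied before `>NUL`), and because both callers capture that stdout with `$(get_random_port)`, any docker message ends up inside WIREGUARD_PORT or CENTER_PORT; `>NUL` also creates a file literally named NUL in the working directory instead of discarding output. The fix is `docker rm -f "$CONTAINER_ID" >/dev/null 2>&1`, and the wrapping `echo $(...)` on the port line is unnecessary since the pipeline already writes to stdout. The function never checks that `docker run` succeeded before querying the port, so a failed run yields an empty port that is then used for the real container. Because the probe container is removed before the next call, nothing visible prevents the second call from receiving the same ephemeral port as the first; whether that happens depends on the daemon, so the two values should at least be compared before use.
```shell
get_random_port() {
  # create gateway-link container; stop here if docker run fails so the caller gets no port
  CONTAINER_ID=$(docker run --name "$CONTAINER_NAME" --network gateway -p 18521/udp --cap-add NET_ADMIN --restart unless-stopped -it -e "LINK_CLIENT_WG_PUBKEY=$LINK_CLIENT_WG_PUBKEY" -d fractalnetworks/gateway-link:latest) || return 1
  # get randomly assigned WireGuard port (this is the function's only stdout)
  docker port "$CONTAINER_NAME" 18521/udp | head -n 1 | sed "s/0\.0\.0\.0://"
  # stdout is captured by the caller, so keep docker's messages out of it
  docker rm -f "$CONTAINER_ID" >/dev/null 2>&1
}
```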
