• Stars
    star
    1,340
  • Rank 35,068 (Top 0.7 %)
  • Language
    Python
  • License
    MIT License
  • Created about 4 years ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Minimal, self-hosted, 0-config alternative to ngrok. Caddy+OpenSSH+50 lines of Python.

What is it?

If you have a webserver running on one computer (say your development laptop), and you want to expose it securely (ie HTTPS) via a public URL, SirTunnel allows you to easily do that.

How do you use it?

If you have:

  • A SirTunnel server instance listening on port 443 of example.com.
  • A copy of the sirtunnel.py script available on the PATH of the server.
  • An SSH server running on port 22 of example.com.
  • A webserver running on port 8080 of your laptop.

And you run the following command on your laptop:

ssh -tR 9001:localhost:8080 example.com sirtunnel.py sub1.example.com 9001

Now any requests to https://sub1.example.com will be proxied to your local webserver.

How does it work?

The command above does 2 things:

  1. It starts a standard remote SSH tunnel from the server port 9001 to local port 8080.
  2. It runs the command sirtunnel.py sub1.example.com 9001 on the server. The python script parses sub1.example.com 9001 and uses the Caddy API to reverse proxy sub1.example.com to port 9001 on the server. Caddy automatically retrieves an HTTPS cert for sub1.example.com.

Note: The -t is necessary so that doing CTRL-C on your laptop stops the sirtunnel.py command on the server, which allows it to clean up the tunnel on Caddy. Otherwise it would leave sirtunnel.py running and just kill your SSH tunnel locally.

How is it different?

There are a lot of solutions to this problem. In fact, I've made something of a hobby of maintaining a list of the ones I've found so far.

The main advantages of SirTunnel are:

  • Minimal. It leverages Caddy and whatever SSH server you already have running on your server. Other than that, it consists of a 50-line Python script on the server. That's it. Any time you spend learning to customize and configure it will be time well spent because you're learning Caddy and your SSH server.
  • 0-configuration. There is no configuration on the server side. Not even CLI arguments.
  • Essentially stateless. The only state is the certs (which is handled entirely by Caddy) and the tunnel mappings, which are ephemeral and controlled by the clients.
  • Automatic HTTPS certificate management. Some other solutions do this as well, so it's important but not unique.
  • No special client is required. You can use any standard SSH client that supports remote tunnels. Again, this is not a unique feature.

Running the server

Assuming you already have an ssh server running, getting the SirTunnel server going consists of simply downloading a copy of Caddy and running it with the provided config. Take a look at install.sh and run_server.sh for details.

Note: Caddy needs to bind to port 443, either by running as root (not recommended), setting the CAP_NET_BIND_SERVICE capability on the Caddy binary (what the install.sh script does), or changing caddy_config.json to bind to a different port (say 9000) and using something like iptables to forward to that port.

Future Features

SirTunnel is intended to be a minimal tool. As such, I'm unlikely to add many features moving forward. However, the simplicity makes it easier to modify for your needs. For example, see this fork which adds functionality to help multiple users avoid overwriting each others' tunnels:

https://github.com/matiboy/SirTunnel

More Repositories

1

awesome-tunneling

List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
15,265
star
2

fibridge-proxy-rs

Proxy for turning web browsers into web servers. Load a 100GB file in your browser and stream it over the public web with HTTP byte range requests.
Rust
97
star
3

react_rust_webapp

Code for my blog post about combining React and Rust in a statically-linked web app
Rust
66
star
4

react_rust_wasm

Code for my blog post about getting started with React and Rust/wasm
JavaScript
21
star
5

stealthcheck

0-dependency service health checks/restarts/email alerts in 150 lines of Go
Go
19
star
6

chromeps

Simple pubsub implementation for Chrome extensions
JavaScript
14
star
7

graphml-js

GraphML parser for javascript
TypeScript
10
star
8

chrome-extension-css-isolation-example

JavaScript
10
star
9

redpill

A Matrix code rain implementation that visualizes your latest public GitHub contributations.
JavaScript
9
star
10

de_bruijn_visualizer

JavaScript
6
star
11

ari-quickstart

Asterisk ARI Quickstart in Python
Python
4
star
12

golicons

Easy-to-use animated icons of Conway's Game of Life that nobody asked for
HTML
4
star
13

droplink

Tiny web app to convert Dropbox share links into direct HTML links that can be downloaded with tools like cURL
HTML
3
star
14

battle_beetles

Genetic algorithms school project
Rust
3
star
15

tuplates-py

Commit valid code; not templates
Python
3
star
16

octopress-blog

Personal Blog
Ruby
2
star
17

assg

[Anders'|Another] Static Site Generator
Rust
2
star
18

ergo-pedals

Arduino firmware and software for foot pedals I use to reduce my forearm pain when typing. Works with normal hardware switches and an Arduino Uno. No additional hardware necessary.
C++
2
star
19

certgrabber

Go
2
star
20

google-apps-script-database

Simple library for representing spreadsheets as databases with a mongo-like interface
JavaScript
2
star
21

pojo_flow

JavaScript
2
star
22

newb-server-go

Go
2
star
23

fsperf

C
1
star
24

dashtui

Go
1
star
25

autobencher

Python
1
star
26

euly_cycle

JavaScript
1
star
27

tuplates-js

Commit working code; not templates
JavaScript
1
star
28

anderspitman.net

JavaScript
1
star
29

rust_docker_barebones

Rust
1
star
30

reverserver

Host large files from your browser
JavaScript
1
star
31

issued

An itty bitty server for users to submit issues to
JavaScript
1
star
32

vanilla-js-example

HTML
1
star
33

apitman.com-posts

Backup of blog posts
1
star
34

iobio-absent-anders

1
star
35

fibridge-gui-js

JavaScript
1
star
36

fakevars

C++
1
star
37

timeline-user

HTML
1
star
38

gh_actions_apptainer_test

1
star
39

backrot

Shell
1
star
40

ifnot

Universal Notifcation Platform
1
star
41

pipefine

Go
1
star