uProxy Servers
A uProxy server provides proxying services for the uProxy client. Think of it as headless uProxy; a uProxy access point; a robot friend. It's an alternative to uProxy's original peer-to-peer concept.
The server is provided as a set of Docker images and may be deployed manually, via shell scripts, on any Linux-based Docker system or on DigitalOcean via uProxy itself.
- A Linux system (even though cloud servers run inside Docker containers, iptables is used to restrict access to TCP port 9000).
- A system with a public IP.
- The following ports must be publicly accessible:
  - TCP port 5000
  - UDP ports 49152-65535
TODO: What is WebRTC's exact port range? There are many informal references online to the ephemeral port range 49152-65535.
Run, as any user with access to the Docker daemon:
curl https://raw.githubusercontent.com/uProxy/uproxy-docker/master/install-cloud.sh | sh
Install progress stuck at 50? The script is waiting for activity on the zork container's port 9000 (https://github.com/uProxy/uproxy-docker/blob/master/testing/run-scripts/run_cloud.sh#L146). SSH into your server and examine the output of this command:
docker logs uproxy-zork
The uproxy-sshd Docker container needs to access the uproxy-zork Docker container on port 9000. To ensure this is working:
- docker exec uproxy-sshd apt-get install -y telnet
- docker exec uproxy-sshd telnet zork 9000
A uProxy server consists of two Docker containers:
Zork is a headless uProxy client. It accepts commands, via telnet, on port 9000. It was originally developed as a testing tool; on cloud, Zork is configured to refuse connections from outside of localhost, and sshd must be used to establish a secure tunnel to Zork (uProxy uses an SSH library to do just this).
The Zork container is stateless and can be swapped/upgraded/etc. without disturbing access.
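One way to confirm, from a machine outside the server, that the TCP exposure described above holds. This is an added example, not part of the uProxy project; the function names and the policy table are assumptions built from the ports named in this README, and only TCP is checked:

```python
import socket

# Expected TCP exposure, taken from this README: 5000 (sshd) must be reachable,
# 9000 (Zork's command port) must not be reachable from outside the server.
EXPECTED = {5000: True, 9000: False}


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) and unreachable all count as not reachable.
        return False


def audit_exposure(host, expected=EXPECTED, timeout=3.0):
    """Compare observed reachability with the expected policy.

    Returns a list of (port, expected_open, observed_open) for every mismatch;
    an empty list means the server matches the policy.
    """
    findings = []
    for port, want_open in sorted(expected.items()):
        seen_open = tcp_reachable(host, port, timeout)
        if seen_open != want_open:
            findings.append((port, want_open, seen_open))
    return findings


def describe(findings):
    """Render findings as operator-readable lines."""
    lines = []
    for port, want_open, seen_open in findings:
        if seen_open and not want_open:
            lines.append(f"TCP {port} is reachable but must be blocked")
        else:
            lines.append(f"TCP {port} is unreachable but must be open")
    return lines


if __name__ == "__main__":
    import sys
    # Usage: python audit.py <server-address>, run from outside the server.
    problems = describe(audit_exposure(sys.argv[1]))
    print("\n".join(problems) if problems else "exposure matches the README")
    sys.exit(1 if problems else 0)
```

A finding for port 9000 means Zork's command port is reachable without going through the SSH tunnel, so the iptables restriction should be checked on the host.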
Installation-specific metadata exists on the sshd container:
/banner
/hostname
/issue_invite.sh
/login.sh
/home/getter/.ssh/authorized_keys
The uProxy client uses the cloud social provider to access cloud servers. It accepts cloud invitation URLs which encode the following information:
- hostname
- username
- SSH private key
Given an invitation URL, the client:
- connects, via SSH, to port 5000 on hostname
- executes cat /banner, the result of which is used as the server description in the contacts list
- requests a tunnel be established to port 9000 on zork (there's an /etc/hosts entry for this, created by docker run)
- sends and receives WebRTC signalling messages, with a little wrapping, through the secure tunnel to Zork
In effect, the client runs this command:
TODO: ssh tunnel command
- Manual authorized_keys backup: docker cp uproxy-sshd:/home/getter/.ssh/authorized_keys .
- Manual authorized_keys restore: docker cp authorized_keys uproxy-sshd:/home/getter/.ssh/
- Connection success rate: docker cp uproxy-zork:/var/log/zork.log /tmp/ && ./zork-stats.sh /tmp/zork.log
- Change a cloud server's description: docker exec uproxy-sshd sh -c "echo 'xxx' > /banner"
- Change a cloud server's notion of its own public IP: docker exec uproxy-sshd sh -c "echo xxx.xxx.xxx.xxx > /hostname"