PrxPass - A reverse-proxy self-hosted solution (aka local tunnel)

Publish Date: Mar 10 '18

15 10

I finally passed the burnout thing and started coding different things. I've had a need for a reverse-proxy server that works like ngrok or localtunnel but self-hosted (I know localtunnel IS self-hosted but it's in JavaScript...) so I wrote my own.

The idea is simple: you simply start the prxpass-server on your server, then on your local machine, you start the prxpass-client that connects to the server and proxies every request made to <your_id>.<hostname> to your local web application (e.g. localhost:4000).

So for example if you're working on a bot that uses webhooks (e.g. a Telegram bot), you can tell Telegram to send stuff to e.g. mysuperduperbot.prxpass.defman.me (you can set up custom IDs if the server instance allows that) and prxpass will proxy every request to e.g. localhost:9000. In your bot, you only have to listen for POST requests at localhost:9000 in that case and you can even setup a HTTPS once LetsEncrypt rolls out their wildcard certs.

There are other ways to use prxpass, for example if you want to give someone a live demo of your web app without uploading it to the server.

prxpass is not limited to HTTP but to TCP atm (planning to add UDP proxying in the future), so in idea you can proxypass anything that works over the TCP stack. I've not tested it though.

If you have any ideas how I can improve my program - feel free to write the idea in the comments or open an issue on GitHub. If you're interested in using it (it's alpha atm) - please tell me so I'd build the binaries for you. (I didn't bother to build anything but the windows client and the linux server).

Links:

Comments 10 total

Alex MiasoiedovMar 12, 2018
What is the advantage comparing to traditional
ssh -D 8123 username@hostname
?
- Sergey KislyakovMar 12, 2018
  I've not used ssh in this way, so could you tell me how it works?
  
  If I understand the man page correctly, this will give you a tunnel to the remote server, but an user won't be able to access you. PrxPass allows you to share localhost to public by creating a dial tunnel (client <-> server) with your remote server.
  
  PrxPass works in this way:
  
  User requests <id>.example.com/hello.html
  
  The HTTP request (GET /hello.html) is being sent to the associated prxpass client.
  
  The prxpass client sends the HTTP request to localhost (GET /hello.html; Host: localhost) and waits for a response.
  
  The response is being sent back to the server.
  
  User sees localhost/hello.html.
  - Alex MiasoiedovMar 12, 2018
    
    It's a TCP proxy over ssh
    
    jguru.com/faq/view.jsp?EID=227532
    - Sergey KislyakovMar 14, 2018
      
      I don't see a way to route the traffic from a remote server from a specific domain (13.37.13.37, mylocaltunnel.mysite.com) to a local web server (e.g. localhost:8000). PrxPass is a reverse-proxy server, not a simple proxy server.
      
      I'd be happy to see if it's possible to setup a ssh tunnel in this way.
Bernhard BergerApr 27, 2018

..how do I build this thing? :) New to go..

Would love to pack this inside a docker container..
- Sergey KislyakovApr 27, 2018
  
  git clone the repo and run go build.
Bernhard BergerApr 30, 2018
I'm having more issues with prxpass..

My goal is to create a tunnel for a mysql-server running on docker (for local development purposes only). Idea:

local-dev-proxy (accessible through local.mydomain.tld -> 127.0.0.1):
- traefik: 80,443
- prxpass-server: 3306
compose_project_a:
- web:80 -> traefik reverse proxy (http(s)://project-a.local.mydomain.tld)
- db:3306 -> prxpass-server (tcp://project-a.local.mydomain.tld:3306)
compose_project_b:
- web:80 -> traefik reverse proxy (http(s)://project-b.local.mydomain.tld)
- db:3306 -> prxpass-server (tcp://project-b.local.mydomain.tld:3306)
By the documentation this is exactly the scenario that should be achievable with prxpass, I however have a few issues:

1) starting the server with app -tcp actually opens the HTTP config as written in config.toml (creates only an http tunnel)

2) I fire up the client with

app -server prxpass-server:<TCP_PORT> -proxy-to db:3306 -id db -password mysecret results in
a) "connection refused (as only the http tunnel configured on port 8000 is opened)"
and b) it completely ignores the part which would be vital in my case..

Any ideas on how I could achieve this?
- Sergey KislyakovApr 30, 2018
  
  TCP is not yet supported. I kinda don't understand your problem though. Are you running a MySQL server on your machine (127.0.0.1:3306) and you want to access it from the Internet at e.g. db.whatever.com? At least that's the idea of PrxPass - you expose your local stuff to the Internet via your public server. You can only achieve something like this:
  - Bernhard BergerApr 30, 2018
    
    I'm running multiple docker projects on my host (each in a private closed network, e.g. 172.16.x.x) and I want to expose it through a tcp proxy on my local network (127.0.0.x) for convinience (external DB tools like DBeaver/HeidiSQL/Navicat) and mysql command line clients.
    
    The *.local.domain.tld is just an A-Record pointing to 127.0.0.1..
    
    I basically need a tcp reverse proxy solution that I can automate on environment start and stop.
    
    I know HAproxy and nginx (to some extent) can handle TCP routing, but it's a massive overhead I'd like to avoid.
    - Sergey KislyakovApr 30, 2018
      
      I've updated my reply. What you're trying to achieve is not the intended usage of PrxPass (at least at the moment). You want to expose your hosts docker network to your local network and I guess you can do that by setting up a VPN tunnel to your host.

Add comment

Sergey Kislyakov @defman