Convert Figma logo to code with AI

mmatczuk logogo-http-tunnel

Fast and secure tunnels over HTTP/2

3,232
307
3,232
59

Top Related Projects

85,378

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

24,128

Unified ingress for developers

List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.

4,558

Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)

12,843

A fast TCP/UDP tunnel over HTTP

15,882

GO Simple Tunnel - a simple tunnel written in golang

Quick Overview

go-http-tunnel is a Go library and command-line tool that allows you to expose local servers behind NATs and firewalls to the public internet over a secure tunnel. It provides a simple way to create HTTP and TCP tunnels, making it easy to share local web services or applications with others.

Pros

  • Easy to set up and use, with both library and command-line interfaces
  • Supports both HTTP and TCP tunneling
  • Secure communication using TLS encryption
  • Lightweight and efficient, written in Go

Cons

  • Limited documentation and examples
  • May require additional configuration for complex networking setups
  • Not as feature-rich as some commercial alternatives
  • Potential security risks if not properly configured

Code Examples

  1. Creating a simple HTTP tunnel:
package main

import (
    "log"
    "net/http"

    "github.com/mmatczuk/go-http-tunnel"
)

func main() {
    tunnelConfig := &tunnel.ClientConfig{
        ServerAddr: "example.com:5223",
        Tunnels: map[string]*tunnel.Tunnel{
            "my-app": {
                Proto: "http",
                Addr:  "localhost:8080",
            },
        },
    }

    client, err := tunnel.NewClient(tunnelConfig)
    if err != nil {
        log.Fatal(err)
    }

    err = client.Start()
    if err != nil {
        log.Fatal(err)
    }

    select {}
}
  1. Creating a TCP tunnel:
package main

import (
    "log"

    "github.com/mmatczuk/go-http-tunnel"
)

func main() {
    tunnelConfig := &tunnel.ClientConfig{
        ServerAddr: "example.com:5223",
        Tunnels: map[string]*tunnel.Tunnel{
            "ssh": {
                Proto: "tcp",
                Addr:  "localhost:22",
            },
        },
    }

    client, err := tunnel.NewClient(tunnelConfig)
    if err != nil {
        log.Fatal(err)
    }

    err = client.Start()
    if err != nil {
        log.Fatal(err)
    }

    select {}
}
  1. Using custom TLS configuration:
package main

import (
    "crypto/tls"
    "log"

    "github.com/mmatczuk/go-http-tunnel"
)

func main() {
    tlsConfig := &tls.Config{
        InsecureSkipVerify: true,
    }

    tunnelConfig := &tunnel.ClientConfig{
        ServerAddr: "example.com:5223",
        TLSConfig:  tlsConfig,
        Tunnels: map[string]*tunnel.Tunnel{
            "my-app": {
                Proto: "http",
                Addr:  "localhost:8080",
            },
        },
    }

    client, err := tunnel.NewClient(tunnelConfig)
    if err != nil {
        log.Fatal(err)
    }

    err = client.Start()
    if err != nil {
        log.Fatal(err)
    }

    select {}
}

Getting Started

To use go-http-tunnel in your Go project:

  1. Install the library:

    go get github.com/mmatczuk/go-http-tunnel
    
  2. Import the package in your Go code:

    import "github.com/mmatczuk/go-http-tunnel"
    
  3. Create a ClientConfig with your desired tunnel settings and start the client as shown in the code examples above.

Competitor Comparisons

85,378

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

Pros of frp

  • Supports multiple protocols (TCP, UDP, HTTP, HTTPS, STCP)
  • More feature-rich with load balancing, custom domains, and plugins
  • Active development with frequent updates and larger community

Cons of frp

  • More complex configuration and setup
  • Higher resource usage due to additional features
  • Steeper learning curve for beginners

Code Comparison

frp configuration example:

[common]
server_addr = x.x.x.x
server_port = 7000

[web]
type = http
local_port = 80
custom_domains = example.com

go-http-tunnel configuration example:

tunnel:
  server_addr: "example.com:5223"
  insecure_skip_verify: true
tunnels:
  - name: "web"
    proto: "http"
    addr: "localhost:80"

Both projects aim to provide tunneling solutions, but frp offers a more comprehensive feature set at the cost of increased complexity. go-http-tunnel focuses on simplicity and ease of use, making it more suitable for basic HTTP tunneling needs. frp's broader protocol support and advanced features make it a better choice for complex networking scenarios, while go-http-tunnel excels in straightforward HTTP tunneling applications.

24,128

Unified ingress for developers

Pros of ngrok

  • More feature-rich, offering advanced functionalities like OAuth and custom domains
  • Provides a user-friendly web interface for managing tunnels
  • Offers a robust free tier with generous usage limits

Cons of ngrok

  • Closed-source, which may limit customization and self-hosting options
  • Can be more complex to set up and configure for advanced use cases
  • Paid plans can be expensive for high-volume users

Code Comparison

ngrok:

tunnel := ngrok.NewTunnel()
err := tunnel.Start("http://localhost:8080")
if err != nil {
    log.Fatal(err)
}

go-http-tunnel:

tunnel := tunnel.NewServer(&tunnel.ServerConfig{
    Addr: ":8080",
})
err := tunnel.Start()
if err != nil {
    log.Fatal(err)
}

Key Differences

  • go-http-tunnel is open-source, allowing for more flexibility and customization
  • ngrok offers a more comprehensive set of features out-of-the-box
  • go-http-tunnel may be better suited for simpler, self-hosted tunneling needs
  • ngrok provides a more polished user experience with its web interface and documentation
  • go-http-tunnel might be preferred for projects requiring full control over the tunneling process

Both projects serve the purpose of creating secure tunnels, but they cater to different use cases and user preferences. The choice between them depends on specific requirements, such as the need for advanced features, self-hosting capabilities, and budget considerations.

List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.

Pros of awesome-tunneling

  • Comprehensive list of tunneling tools and resources
  • Regularly updated with community contributions
  • Covers a wide range of tunneling solutions for various use cases

Cons of awesome-tunneling

  • Not a standalone tunneling solution, just a curated list
  • Requires users to evaluate and choose from multiple options
  • May overwhelm beginners with too many choices

Code comparison

Not applicable, as awesome-tunneling is a curated list and doesn't contain code.

go-http-tunnel example:

tunnel := &Tunnel{
    Host: "example.com",
    Port: 80,
    Remote: "localhost:8080",
}
client.Listen(tunnel)

Summary

awesome-tunneling is a curated list of tunneling tools and resources, while go-http-tunnel is a specific tunneling implementation in Go. awesome-tunneling provides a comprehensive overview of available solutions, making it useful for research and comparison. However, it requires users to evaluate and choose from multiple options, which may be overwhelming for beginners.

go-http-tunnel, on the other hand, offers a ready-to-use tunneling solution with a focused set of features. It's more suitable for users who need a specific Go-based tunneling implementation without the need to explore multiple options.

The choice between the two depends on whether you need a specific tunneling solution (go-http-tunnel) or want to explore and compare various tunneling options (awesome-tunneling).

4,558

Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)

Pros of sslh

  • Multi-protocol support: Handles various protocols (HTTP, SSH, OpenVPN, etc.) on a single port
  • Written in C, potentially offering better performance for low-level operations
  • Mature project with a longer history and wider adoption

Cons of sslh

  • Less focused on HTTP tunneling specifically
  • May require more complex configuration for advanced use cases
  • Not written in Go, which could be a disadvantage for Go-centric environments

Code Comparison

sslh (C):

/* Parse command-line options */
parse_cmdline(argc, argv);

/* Open syslog connection */
setup_syslog();

/* Init protocols */
init_protocols();

go-http-tunnel (Go):

// Parse command-line flags
flag.Parse()

// Set up logging
log.SetFlags(log.Lshortfile)

// Create and start the tunnel
tunnel := tunnel.New(config)
tunnel.Start()

Both projects handle command-line parsing and logging setup, but go-http-tunnel's code is more concise due to Go's standard library. sslh's code reflects its multi-protocol nature, while go-http-tunnel focuses specifically on HTTP tunneling.

12,843

A fast TCP/UDP tunnel over HTTP

Pros of chisel

  • More feature-rich, supporting both TCP and UDP tunneling
  • Offers a user-friendly web interface for management
  • Includes built-in server and client fingerprinting for enhanced security

Cons of chisel

  • May have a steeper learning curve due to more advanced features
  • Potentially higher resource usage compared to go-http-tunnel
  • Less focused on HTTP-specific tunneling

Code Comparison

go-http-tunnel:

tunnel := &Tunnel{
    Host:     "example.com",
    Listener: l,
    Protocol: "http",
}

chisel:

chisel.NewServer(&chisel.Config{
    Reverse: true,
    Auth:    "user:pass",
})

Summary

While go-http-tunnel focuses specifically on HTTP tunneling with simplicity, chisel offers a more comprehensive tunneling solution with support for various protocols. chisel provides additional features like a web interface and enhanced security measures, but may require more resources and have a steeper learning curve. go-http-tunnel might be preferable for simpler HTTP-specific use cases, while chisel is better suited for more complex tunneling requirements across different protocols.

15,882

GO Simple Tunnel - a simple tunnel written in golang

Pros of gost

  • More comprehensive feature set, including support for multiple protocols (HTTP, SOCKS4, SOCKS5, SS)
  • Highly configurable with various encryption and authentication options
  • Active development and regular updates

Cons of gost

  • More complex setup and configuration due to extensive features
  • Potentially higher resource usage for simple tunneling tasks
  • Steeper learning curve for basic use cases

Code comparison

go-http-tunnel:

tunnel := &Tunnel{
    Host: "example.com",
    Port: 80,
    Protocol: "http",
}
client.OpenTunnel(tunnel)

gost:

chain := gost.NewChain(
    gost.Node{Addr: "localhost:8080", Protocol: "http"},
    gost.Node{Addr: "example.com:443", Protocol: "tls"},
)
gost.RunChain(chain)

Summary

gost offers a more feature-rich and versatile solution for creating secure tunnels and proxies, supporting multiple protocols and advanced configurations. However, this comes at the cost of increased complexity and potentially higher resource usage. go-http-tunnel, on the other hand, provides a simpler and more focused approach to HTTP tunneling, which may be preferable for users with straightforward requirements or those who prioritize ease of use.

When choosing between the two, consider your specific needs, the level of customization required, and your familiarity with tunneling concepts. gost is better suited for complex scenarios or users who need support for multiple protocols, while go-http-tunnel may be more appropriate for simpler HTTP tunneling tasks.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Go HTTP tunnel GoDoc Go Report Card Build Status Github All Releases

Go HTTP tunnel is a reverse tunnel based on HTTP/2. It enables you to share your localhost when you don't have a public IP.

Features:

  • HTTP proxy with basic authentication
  • TCP proxy
  • SNI vhost proxy
  • Client auto reconnect
  • Client management and eviction
  • Easy to use CLI

Common use cases:

  • Hosting a game server from home
  • Developing webhook integrations
  • Managing IoT devices

Project Status

IF YOU WOULD LIKE TO SEE THIS PROJECT MODERNIZED PLEASE UPVOTE THE ISSUE.

Installation

Build the latest version.

$ go get -u github.com/mmatczuk/go-http-tunnel/cmd/...

Alternatively download the latest release.

Running

There are two executables:

  • tunneld - the tunnel server, to be run on publicly available host like AWS or GCE
  • tunnel - the tunnel client, to be run on your local machine or in your private network

To get help on the command parameters run tunneld -h or tunnel -h.

Tunnel requires TLS certificates for both client and server.

$ openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout client.key -out client.crt
$ openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout server.key -out server.crt

Run client:

  • Install tunnel binary
  • Make .tunnel directory in your project directory
  • Copy client.key, client.crt to .tunnel
  • Create configuration file tunnel.yml in .tunnel
  • Start all tunnels
$ tunnel -config ./tunnel/tunnel.yml start-all

Run server:

  • Install tunneld binary
  • Make .tunneld directory
  • Copy server.key, server.crt to .tunneld
  • Start tunnel server
$ tunneld -tlsCrt .tunneld/server.crt -tlsKey .tunneld/server.key

This will run HTTP server on port 80 and HTTPS (HTTP/2) server on port 443. If you want to use HTTPS it's recommended to get a properly signed certificate to avoid security warnings.

Run Server as a Service on Ubuntu using Systemd:

  • After completing the steps above successfully, create a new file for your service (you can name it whatever you want, just replace the name below with your chosen name).
$ vim tunneld.service
  • Add the following configuration to the file
[Unit]
Description=Go-Http-Tunnel Service
After=network.target
After=network-online.target

[Service]
ExecStart=/path/to/your/tunneld -tlsCrt /path/to/your/folder/.tunneld/server.crt -tlsKey /path/to/your/folder/.tunneld/server.key
TimeoutSec=30
Restart=on-failure
RestartSec=30

[Install]
WantedBy=multi-user.target
  • Save and exit this file.
  • Move this new file to /etc/systemd/system/
$ sudo mv tunneld.service /etc/systemd/system/
  • Change the file permission to allow it to run.
$ sudo chmod u+x /etc/systemd/system/tunneld.service
  • Start the new service and make sure you don't get any errors, and that your client is able to connect.
$ sudo systemctl start tunneld.service
  • You can stop the service with:
$ sudo systemctl stop tunneld.service
  • Finally, if you want the service to start automatically when the server is rebooted, you need to enable it.
$ sudo systemctl enable tunneld.service

There are many more options for systemd services, and this is by not means an exhaustive configuration file.

Configuration

The tunnel client tunnel requires configuration file, by default it will try reading tunnel.yml in your current working directory. If you want to specify other file use -config flag.

Sample configuration that exposes:

  • localhost:8080 as webui.my-tunnel-host.com
  • host in private network for ssh connections

looks like this

    server_addr: SERVER_IP:5223
    tunnels:
      webui:
        proto: http
        addr: localhost:8080
        auth: user:password
        host: webui.my-tunnel-host.com
      ssh:
        proto: tcp
        addr: 192.168.0.5:22
        remote_addr: 0.0.0.0:22
      tls:
  	    proto: sni
  	    addr: localhost:443
  	    host: tls.my-tunnel-host.com

Configuration options:

  • server_addr: server TCP address, i.e. 54.12.12.45:5223
  • tls_crt: path to client TLS certificate, default: client.crt in the config file directory
  • tls_key: path to client TLS certificate key, default: client.key in the config file directory
  • root_ca: path to trusted root certificate authority pool file, if empty any server certificate is accepted
  • tunnels / [name]
    • proto: tunnel protocol, http, tcp or sni
    • addr: forward traffic to this local port number or network address, for proto=http this can be full URL i.e. https://machine/sub/path/?plus=params, supports URL schemes http and https
    • auth: (proto=http) (optional) basic authentication credentials to enforce on tunneled requests, format user:password
    • host: (proto=http, proto=sni) hostname to request (requires reserved name and DNS CNAME)
    • remote_addr: (proto=tcp) bind the remote TCP address
  • backoff
    • interval: how long client would wait before redialing the server if connection was lost, exponential backoff initial interval, default: 500ms
    • multiplier: interval multiplier if reconnect failed, default: 1.5
    • max_interval: maximal time client would wait before redialing the server, default: 1m
    • max_time: maximal time client would try to reconnect to the server if connection was lost, set 0 to never stop trying, default: 15m

How it works

A client opens TLS connection to a server. The server accepts connections from known clients only. The client is recognized by its TLS certificate ID. The server is publicly available and proxies incoming connections to the client. Then the connection is further proxied in the client's network.

The tunnel is based HTTP/2 for speed and security. There is a single TCP connection between client and server and all the proxied connections are multiplexed using HTTP/2.

Donation

If this project help you reduce time to develop, you can give me a cup of coffee.

paypal

A GitHub star is always appreciated!

License

Copyright (C) 2017 Michał Matczuk

This project is distributed under the AGPL-3 license. See the LICENSE file for details. If you need an enterprise license contact me directly.