Project author: root-gg

Project description:
HTTP tunnel over Websocket
Language: Go
Repository: git://github.com/root-gg/wsp.git
Created: 2016-11-23T08:49:02Z
Project community: https://github.com/root-gg/wsp

Open-source license:



WS PROXY

This is a reverse HTTP proxy over websockets.
The aim is to securely make calls to internal APIs from outside.

How does it work

A WSP client runs in the internal network (alongside the APIs)
and connects to a remote WSP server with HTTP websockets.

One issues HTTP requests to the /request endpoint of the WSP server
with an extra HTTP header
'X-PROXY-DESTINATION: http://api.internal/resource'.

The WSP server then forwards the request to the WSP client over
one of the offered websockets. The WSP client receives it, executes
locally an HTTP request to the URL provided in X-PROXY-DESTINATION,
and forwards the HTTP response back to the WSP server, which in turn
forwards the response back to the client. Please note that no
buffering of any sort occurs.

If several WSP clients connect to a WSP server, requests will be spread
randomly across all the WSP clients.

wsp schema

Get code

    go get github.com/root-gg/wsp

WSP server configuration

    # wsp_server.cfg
    ---
    host : 127.0.0.1                     # Address to bind the HTTP server
    port : 8080                          # Port to bind the HTTP server
    timeout : 1000                       # Time to wait before acquiring a WS connection to forward the request (milliseconds)
    idletimeout : 60000                  # Time to wait before closing idle connection when there is enough idle connections (milliseconds)
    #blacklist :                         # Forbidden destination ( deny nothing if empty )
    # - method : ".*"                    #   Applied in order before whitelist
    #   url : "^http(s)?://google.*"     #   None must match
    #   headers :                        #   Optional header check
    #     X-CUSTOM-HEADER : "^value$"    #
    #whitelist :                         # Allowed destinations ( allow all if empty )
    # - method : "^GET$"                 #   Applied in order after blacklist
    #   url : "^http(s)?://.*$"          #   One must match
    #   headers :                        #   Optional header check
    #     X-CUSTOM-HEADER : "^value$"    #
    # secretkey : ThisIsASecret          # secret key that must be set in clients configuration

    $ cd wsp_server && go build
    $ ./wsp_server -config wsp_server.cfg
    {
      "Host": "127.0.0.1",
      "Port": 8080
    }
    2016/11/22 15:31:39 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:31:40 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:31:40 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:31:40 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:31:40 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:31:40 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:31:40 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:31:40 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:31:40 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:31:40 Registering new connection from 7e2d8782-f893-4ff3-7e9d-299b4c0a518a
    2016/11/22 15:33:34 GET map[User-Agent:[curl/7.26.0] Accept:[*/*] X-Proxy-Destination:[https://google.fr]]
    2016/11/22 15:33:34 proxy request to 7e2d8782-f893-4ff3-7e9d-299b4c0a518a

For now, TLS should be set up using an HTTP reverse proxy
such as nginx or Apache.
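
The rule order stated in the configuration comments (blacklist first, none may match; then whitelist, one must match; an empty list imposes nothing) can be sketched as follows. This is an added example, not wsp's own code: the Rule type and the Allowed function are hypothetical names, and the whitelist pattern is constructed to show a destination host anchored on both sides.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
)

// Rule mirrors one blacklist/whitelist entry (hypothetical type, not wsp's own).
type Rule struct {
	Method, URL string
	Headers     map[string]string // header name -> regex, optional
}

// matches reports whether every pattern set in the rule matches the request.
func (r Rule) matches(method, url string, h http.Header) bool {
	ok := func(pat, s string) bool {
		return pat == "" || regexp.MustCompile(pat).MatchString(s)
	}
	for name, pat := range r.Headers {
		if !ok(pat, h.Get(name)) {
			return false
		}
	}
	return ok(r.Method, method) && ok(r.URL, url)
}

// Allowed applies the documented order: blacklist first (none may match),
// then whitelist (one must match; an empty whitelist allows everything).
func Allowed(black, white []Rule, method, url string, h http.Header) bool {
	for _, r := range black {
		if r.matches(method, url, h) {
			return false
		}
	}
	for _, r := range white {
		if r.matches(method, url, h) {
			return true
		}
	}
	return len(white) == 0
}

func main() {
	// Constructed rule: the host is anchored on both sides.
	white := []Rule{{Method: "^GET$", URL: `^https?://api\.internal(/|$)`}}
	for _, u := range []string{"http://api.internal/resource", "http://api.internal.example.net/"} {
		fmt.Println(u, Allowed(nil, white, "GET", u, http.Header{}))
	}
}
```

With the sample blacklist pattern ^http(s)?://google.* alone, https://google.fr is refused but https://www.google.fr is not matched and passes, so an anchored whitelist is the stricter control.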

WSP proxy configuration

    # wsp_client.cfg
    ---
    targets :                            # Endpoints to connect to
     - ws://127.0.0.1:8080/register      #
    poolidlesize : 10                    # Default number of concurrent open (TCP) connections to keep idle per WSP server
    poolmaxsize : 100                    # Maximum number of concurrent open (TCP) connections per WSP server
    #blacklist :                         # Forbidden destination ( deny nothing if empty )
    # - method : ".*"                    #   Applied in order before whitelist
    #   url : ".*forbidden.*"            #   None must match
    #   headers :                        #   Optional header check
    #     X-CUSTOM-HEADER : "^value$"    #
    #whitelist :                         # Allowed destinations ( allow all if empty )
    # - method : "^GET$"                 #   Applied in order after blacklist
    #   url : "http(s)?://.*$"           #   One must match
    #   headers :                        #   Optional header check
    #     X-CUSTOM-HEADER : "^value$"    #
    # secretkey : ThisIsASecret          # secret key that must match the value set in servers configuration

  • poolMinSize is the default number of TCP/HTTP/WS connections
    to open per WSP server. If there is a burst of simultaneous requests,
    the number of open connections will rise and then decrease back to this
    number.
  • poolMinIdleSize is the number of connections to keep idle, meaning
    that if there are more than this number of simultaneous requests, the
    WSP client will try to open more connections to keep idle connections
    available.
  • poolMaxSize is the maximum number of simultaneous connections that
    the proxy will ever initiate per WSP server.

    $ cd wsp_client && go build
    $ ./wsp_client -config wsp_client.cfg
    {
      "ID": "7e2d8782-f893-4ff3-7e9d-299b4c0a518a",
      "Targets": [
        "ws://127.0.0.1:8080/register"
      ],
      "PoolMinSize": 10,
      "PoolMinIdleSize": 5,
      "PoolMaxSize": 100
    }
    2016/11/22 15:31:39 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:31:40 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:31:40 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:31:40 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:31:40 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:31:40 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:31:40 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:31:40 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:31:40 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:31:40 Connecting to ws://127.0.0.1:8080/register
    2016/11/22 15:33:34 got request : {"Method":"GET","URL":"https://google.fr","Header":{"Accept":["*/*"],"User-Agent":["curl/7.26.0"],"X-Proxy-Destination":["https://google.fr"]},"ContentLength":0}

Client

    $ curl -H 'X-PROXY-DESTINATION: https://google.fr' http://127.0.0.1:8080/request
    <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="fr"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" it...