I am trying to see if there is any existing websocket implementation that will solve the problem described below. I did take a look at websockify but from what I understand it may not solve the problem I am looking at.
Lets say I have 2 hosts, Host-A and Host-B. Host-A, a websocket client, will set up websocket connection to Host-B. Host-B should now be able to connect to SSH Server on Host-A over this websocket connection. Further to this, Host-A should be able to setup reverse tunnel for not just SSH but possibly other protocols too on the same websocket connection.
Could this be achieved?
Are there any existing implementations that does anything close to this?
What possibly needs to be done to support this scenario with websockets?
even if the question is old, you can try to reade the documentation of node-reverse-wstunnel, this is a nodejs module that implement websocket tunnel and reverse websocket tunnel.
The link of the gitHub project repository is:
https://github.com/MDSLab/node-reverse-wstunnel
The follow link is the nodejs module:
https://www.npmjs.com/package/node-reverse-wstunnel
Related
If it matters, I am asking for the HMR (hot module replacement) use case.
I have already read this. My understanding is that WebSocket uses the same connection that was used during the handshake. My question is after that:
Can the client (browser) still send requests to the same server and same port after the WebSocket protocol starts?
If it can, will it be a different connection?
The short answer is YES and YES.
TL;DR
After reading this and this, I think I can answer my own question now.
A client can build as many connections to a server (to the limit that they can afford). There are always two ports involved in a connection - one at the server, and another at the client.
The server-side port is specified (and is known to the client). Clients open a temporary or dynamic port that lasts only as long as the connection is made.
I'm new user of envoy proxy, maybe someone can help me
I have 2 upstream hosts (UH1 and UH2), and configured envoy proxy to proxy (round robin) websocket connections from a client (frontend) to them.
Let's say UH1 has an active websocket connection (WC1) and UH1 becomes down (closes all its connections) I would like to keep the connection WC1 alive with a client and move the connection to UH2. Could anyone say if it is possible?
Thank you in advance!
I asked this question in the official google group of envoy-dev team and got an answer from Stephan:
This isn’t currently supported.
My sense is that one might be able to write an HTTP filter that takes
the place of the router filter to support this behavior in conjunction
with upgrade configs[1], but it’s probably a lot of work. That filter
would probably need to buffer the original HTTP request to be able
form a new websocket to a different upstream, and it would need to
decode websocket frames to avoid forwarding partial frames. Further if
the messages on the websocket are request/response oriented the filter
would have buffer websocket frames and have knowledge of their content
to avoid dropping requests.
In my experience, optimizing reconnect from the client and just
forming a new websocket connection is simpler to implement and also
provides benefits when the connection between the client and Envoy is
severed.
Stephan
https://groups.google.com/g/envoy-dev/c/3yCTqLx5ePE
I am creating a TCP tunnel application for RDP connections, On Server-side: Redirecting RDP connections to tunnel-server, Then sending those data to Client-side which receives the data successfully. But what happens after that? I don't know!
I know it is easier if traffic was HTTP/HTTPS because you can parse the header to address and content then send back the result. You don't even need TCP or sockets but forwarding RDP is unclear for me.
How can i forward those traffics from client-side then sending the results back to server and mstsc (windows default RDP client)? My problem is with the concept, Should i send those RDP data to client then from client machine to port 3389? And this app is considered some sort of Socks Proxy i guess.
This is the structure of what i have done at the moment:
Similar threads that aren't answer to my issue:
RDP through TCP Proxy
How to create a simple proxy in C#?
C# Proxy using Sockets, how should I do this?
P.S. The type of programming language doesn't matter for me (Currently working with c# and python but newer languages are OK too), I just want to learn how it works conceptually with a simple pseudo-code or sample, All kind of explanations or examples are appreciated.
I was experimenting hashicorp/yamux over gorilla/websocket, and got stuck.
I started with vanilla WebSocket using the echo example from Gorilla WebSocket project. It was very a straight forward client-server setup. Then image that the server is now behind a firewall, thus the client cannot make a direct connection to it. So I introduced a hub and an agent. The hub is supposed to be publicly visible and connectable for the client. The agent would run alongside the server, who would first make a WebSocket connection to the hub and then multiplex the connection using Yamux so that the hub can then initiate requests to the server. In this way, I effectively "exposed" the server beyond the firewall.
For normal HTTP endpoints, things are good. The client can make requests to the hub, who would proxy these requests to the agent using the WebSocket connection initiated by the hub, and then the hub would further proxy these requests to the server.
However, this trick failed to work with WebSocket endpoints. For the echo example, the client can access the HTML on / through the hub-agent-server chain, but would fail on the /echo path, which is a WebSocket endpoint.
My question is, is this WebSocker over Yamux over WebSocket fundamentally impossible, or do I just need some extra lines to get things work? Here's the code I've been experimenting with. Really appreciate your helps!
Please consider the following scenario:
VNC Client try to connect with a VNC Server which is behind a NAT.
I have written a port forwarder in java which help me achieving above task, and it works fine.
Now I need to, somehow, add a connection brokering functionality within this forwarder so that I can also intercept the communication between VNC Client – Server, and authenticate the VNC Client within the forwarding utility as well.
You may have guessed that actually I am using the password received from VNC Client for some authentication in my app. As the RFB Server can be implemented at application layer, I guess this interception is possible... VNCAuthentication (DES encryption/decryption) is used in all above communication. Upon successful authentication within the forwarding utility I shall just let the forwarding continue for that respective client, else I can close it (stop forwarding).
I have tried some implementation, also tried customizing a java implementation of rfb server... but still not able to get there. It will take some time, I know, but need to confirm if I am thinking straight.
Please let me know if the implementation of above scenario is ambiguous, not possible, or illegitimate and if this is possible, let me have some guild lines...
This seems like a good implementation. Think of it like a VNC proxy, just like an HTTP(S) proxy. There are also HTTP authenticating proxies. You're implementing part of the VNC protocol to create an authenticating VNC proxy.
Maybe you can get some inspiration from VNCProxy, an existing Java VNC proxy.