[](https://github.com/fkantelberg/socket-proxy/actions/workflows/main.yaml)
[](https://opensource.org/licenses/MIT)
[](https://github.com/psf/black)
# socket-proxy
This tool allows to forward TCP or HTTP ports to a server and make them available through the server.
TCP ports will be mapped to ports of the server. HTTP forwarding is done with a simple reverse
proxy using sub-domains. It consists of a client and server part. The server is listening for
incoming connections from clients and creates additional listeners upon connection. These can be
used to directly contact the TCP port set up as destination in the connecting client.
### Security
With this tool you can publish local service which might cause security issues for non-hardened
ports. You should consider further security measurements to harden critical systems if used. The
HTTP implementation is very basic. It's recommended to use a reverse proxy
like nginx with SSL and a wildcard certificate if HTTPS is required.
### Features
- TLS encryption of the tunnel
- Support for client certificates if CA is specified on the server
- Support for token authentication. These tokens are rotating automatically
- Support for IPv4 and IPv6
- Proxy generic TCP ports or more specific HTTP servers
- Limitation of number of tunnels, clients per tunnel, and connections per IP
- Limit the access to specific IP's
- Configuration on server and client side and negotiation of the used settings
- Web API with support of bearer authentication
### Usage
1. Generate CA and certificates to be used on the server and client (e.g. using certs.sh of the package, easy-rsa, or openssl directly)
2. Start a tunnel server using a certificate and matching private key
```
$ socket_proxy server --cert certificate.pem --key certificate.key
```
3. Start a tunnel client and connect to a server. Tunnelled connections can access server reachable under TARGET:PORT
```
$ socket_proxy client --ca ca.pem -c SERVER -d TARGET:PORT
```
4. Connect clients to the opened ports on the server
### Web API Client
`GET /` returns the state of the server as JSON dictionary. Use the path to get only specific information.
E.g. `/clients` only returns the sub-dictionary `clients` and `/clients/edcb13dc0c7c6c64` returns only
information about the client `edcb13dc0c7c6c64`.
`DELETE /<client>` disconnects the client `<client>`.
The client side API doesn't support SSL!
### Web API Server
`GET /` returns the state of the server as JSON dictionary. Use the path to get only specific information.
E.g. `/tunnels` only returns the sub-dictionary `tunnels` and `/tunnels/edcb13dc0c7c6c64` returns only
information about the tunnel `edcb13dc0c7c6c64`.
`GET /api/token` returns a new authentication token as JSON string.
`DELETE /<tunnel>/<client>` disconnects the client `<client>` of the tunnel `<tunnel>`.
`DELETE /<tunnel>` disconnects the tunnel `<tunnel>`.
Raw data
{
"_id": null,
"home_page": "https://github.com/fkantelberg/socket-proxy",
"name": "socket-proxy",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "proxy socket network",
"author": "Florian Kantelberg",
"author_email": "florian.kantelberg@mailbox.org",
"download_url": null,
"platform": null,
"description": "[](https://github.com/fkantelberg/socket-proxy/actions/workflows/main.yaml)\n\n[](https://opensource.org/licenses/MIT)\n\n[](https://github.com/psf/black)\n\n# socket-proxy\n\nThis tool allows to forward TCP or HTTP ports to a server and make them available through the server.\nTCP ports will be mapped to ports of the server. HTTP forwarding is done with a simple reverse\nproxy using sub-domains. It consists of a client and server part. The server is listening for\nincoming connections from clients and creates additional listeners upon connection. These can be\nused to directly contact the TCP port set up as destination in the connecting client.\n\n### Security\n\nWith this tool you can publish local service which might cause security issues for non-hardened\nports. You should consider further security measurements to harden critical systems if used. The\nHTTP implementation is very basic. It's recommended to use a reverse proxy\nlike nginx with SSL and a wildcard certificate if HTTPS is required.\n\n### Features\n\n- TLS encryption of the tunnel\n- Support for client certificates if CA is specified on the server\n- Support for token authentication. These tokens are rotating automatically\n- Support for IPv4 and IPv6\n- Proxy generic TCP ports or more specific HTTP servers\n- Limitation of number of tunnels, clients per tunnel, and connections per IP\n- Limit the access to specific IP's\n- Configuration on server and client side and negotiation of the used settings\n- Web API with support of bearer authentication\n\n### Usage\n\n1. Generate CA and certificates to be used on the server and client (e.g. using certs.sh of the package, easy-rsa, or openssl directly)\n\n2. Start a tunnel server using a certificate and matching private key\n```\n$ socket_proxy server --cert certificate.pem --key certificate.key\n```\n\n3. Start a tunnel client and connect to a server. Tunnelled connections can access server reachable under TARGET:PORT\n```\n$ socket_proxy client --ca ca.pem -c SERVER -d TARGET:PORT\n```\n\n4. Connect clients to the opened ports on the server\n\n### Web API Client\n\n`GET /` returns the state of the server as JSON dictionary. Use the path to get only specific information.\nE.g. `/clients` only returns the sub-dictionary `clients` and `/clients/edcb13dc0c7c6c64` returns only\ninformation about the client `edcb13dc0c7c6c64`.\n\n`DELETE /<client>` disconnects the client `<client>`.\n\nThe client side API doesn't support SSL!\n\n### Web API Server\n\n`GET /` returns the state of the server as JSON dictionary. Use the path to get only specific information.\nE.g. `/tunnels` only returns the sub-dictionary `tunnels` and `/tunnels/edcb13dc0c7c6c64` returns only\ninformation about the tunnel `edcb13dc0c7c6c64`.\n\n`GET /api/token` returns a new authentication token as JSON string.\n\n`DELETE /<tunnel>/<client>` disconnects the client `<client>` of the tunnel `<tunnel>`.\n\n`DELETE /<tunnel>` disconnects the tunnel `<tunnel>`.\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Proxy TCP ports of local systems",
"version": "5.0.4",
"project_urls": {
"Homepage": "https://github.com/fkantelberg/socket-proxy"
},
"split_keywords": [
"proxy",
"socket",
"network"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "9f21395017bbbf3bfc7af686d1812e8c57c357ab8da17386dddfde7ffa607b93",
"md5": "c5349c5712dfa76e21c25b5f2d023368",
"sha256": "36d8f714ae4b8f7a56c6ad555583d6f5923aaf7d50b1c8adac8e60f96678ae2d"
},
"downloads": -1,
"filename": "socket_proxy-5.0.4-py3-none-any.whl",
"has_sig": false,
"md5_digest": "c5349c5712dfa76e21c25b5f2d023368",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 32320,
"upload_time": "2024-03-21T18:20:46",
"upload_time_iso_8601": "2024-03-21T18:20:46.623237Z",
"url": "https://files.pythonhosted.org/packages/9f/21/395017bbbf3bfc7af686d1812e8c57c357ab8da17386dddfde7ffa607b93/socket_proxy-5.0.4-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-21 18:20:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "fkantelberg",
"github_project": "socket-proxy",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"lcname": "socket-proxy"
}
JSON
