trevj edited this page Aug 31, 2016 · 9 revisions

Introduction

A uProxy server provides proxying services for the uProxy client. Think of it as headless uProxy; a uProxy access point; a robot friend. It's an alternative to uProxy's original peer-to-peer concept.

The server is provided as a set of Docker images and may be deployed manually, via shell scripts, on any Linux-based Docker system or on DigitalOcean via uProxy itself.

Installation

Requirements

  • A Linux system (even though cloud servers run inside Docker containers, iptables is used to restrict access to TCP port 9000).
  • A system with a public IP.
  • The following ports must be publicly accessible:
    • TCP port 5000
    • UDP ports 49152-65535

TODO: What is WebRTC's exact port range? There are many informal references online to the ephemeral port range 49152-65535.

Steps

Run, as any user with access to the Docker daemon:

curl https://raw.githubusercontent.com/uProxy/uproxy-docker/master/install-cloud.sh | sh

Troubleshooting

Install progress stuck at 50? The script is waiting for activity on the zork container's port 9000 (https://github.com/uProxy/uproxy-docker/blob/master/testing/run-scripts/run_cloud.sh#L146). SSH into your server and examine the output of this command:

docker logs uproxy-zork

The uproxy-sshd Docker container needs to access the uproxy-zork Docker container on port 9000. To ensure this is working:

  • docker exec uproxy-sshd apt-get install -y telnet
  • docker exec uproxy-sshd telnet zork 9000

Design

Overview

A uProxy server consists of two Docker containers:

Zork is a headless uProxy client. It accepts commands, via telnet, on port 9000. It was originally developed as a testing tool; on cloud, Zork is configured to refuse connections from outside of localhost and sshd must be used to establish a secure tunnel to Zork (uProxy uses an SSH library to do just this).
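
One way to confirm the restriction described above from a machine outside the server (an added example, not part of the uProxy project's scripts). It assumes an nc that supports -z and -w; the function names and the PROBE variable are hypothetical, and only the two TCP ports named on this page are tested.

```shell
#!/bin/sh
# Added example: external exposure check for a uProxy cloud server.
# Run it from a machine OTHER than the server itself.

# Name of the probe function; override PROBE to use another TCP connect test.
# Assumption: an nc(1) that supports -z (connect only) and -w (timeout).
PROBE=${PROBE:-nc_probe}

nc_probe() {  # nc_probe HOST PORT -> exit 0 if a TCP connect succeeds
    nc -z -w 5 "$1" "$2" >/dev/null 2>&1
}

# check_exposure HOST
# Exit 0: port 5000 reachable and port 9000 not reachable (expected state).
# Exit 1: sshd port 5000 unreachable (clients cannot connect).
# Exit 2: Zork port 9000 reachable from outside (restriction not in effect).
check_exposure() {
    host=$1
    status=0
    if "$PROBE" "$host" 5000; then
        echo "ok:   $host:5000 (sshd) is reachable"
    else
        echo "FAIL: $host:5000 (sshd) is not reachable"
        status=1
    fi
    if "$PROBE" "$host" 9000; then
        echo "FAIL: $host:9000 (Zork) is reachable from outside"
        status=2
    else
        echo "ok:   $host:9000 (Zork) is not reachable from outside"
    fi
    return "$status"
}

# Run the check only when a hostname is given on the command line.
if [ -n "${1:-}" ]; then
    check_exposure "$1"
fi
```

A filtered port shows up as a timeout, which the check treats the same as a refused connection.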

Detailed design

Server

The Zork container is stateless and can be swapped/upgraded/etc. without disturbing access.

Installation-specific metadata exists on the sshd container:

  • /banner
  • /hostname
  • /issue_invite.sh
  • /login.sh
  • /home/getter/.ssh/authorized_keys

Client

The uProxy client uses the cloud social provider to access cloud servers. It accepts cloud invitation URLs which encode the following information:

  • hostname
  • username
  • SSH private key

Given an invitation URL, the client:

  1. connects, via SSH, to port 5000 on hostname
  2. executes cat /banner, the result of which is used as the server description in the contacts list
  3. requests a tunnel be established to port 9000 on zork (there's an /etc/hosts entry for this, created by docker run)
  4. sends and receives WebRTC signalling messages, with a little wrapping, through the secure tunnel to Zork

In effect, the client runs this command:

TODO: ssh tunnel command

Tips and Tricks

  • Manual authorized_keys backup: docker cp uproxy-sshd:/home/getter/.ssh/authorized_keys .

  • Manual authorized_keys restore: docker cp authorized_keys uproxy-sshd:/home/getter/.ssh/

  • Connection success rate: docker cp uproxy-zork:/var/log/zork.log /tmp/ && ./zork-stats.sh /tmp/zork.log

  • Change a cloud server's description: docker exec uproxy-sshd sh -c "echo 'xxx' > /banner"

  • Change a cloud server's notion of its own public IP: docker exec uproxy-sshd sh -c "echo xxx.xxx.xxx.xxx > /hostname"