fix(core): update

This commit is contained in:
Philipp Kunz 2024-04-14 03:38:00 +02:00
parent eecc510a49
commit 6d14056cfd
16 changed files with 267 additions and 196 deletions

1
.dockerignore Normal file
View File

@ -0,0 +1 @@
node_modules/

46
Dockerfile Normal file
View File

@ -0,0 +1,46 @@
# gitzone dockerfile_service
## STAGE 1 // BUILD
FROM registry.gitlab.com/hosttoday/ht-docker-node:npmci as node1
COPY ./ /app
WORKDIR /app
ARG NPMCI_TOKEN_NPM2
ENV NPMCI_TOKEN_NPM2 $NPMCI_TOKEN_NPM2
RUN npmci npm prepare
RUN pnpm config set store-dir .pnpm-store
RUN rm -rf node_modules && pnpm install
RUN pnpm run build
# gitzone dockerfile_service
## STAGE 2 // install production
FROM registry.gitlab.com/hosttoday/ht-docker-node:npmci as node2
WORKDIR /app
COPY --from=node1 /app /app
RUN rm -rf .pnpm-store
ARG NPMCI_TOKEN_NPM2
ENV NPMCI_TOKEN_NPM2 $NPMCI_TOKEN_NPM2
RUN npmci npm prepare
RUN pnpm config set store-dir .pnpm-store
RUN rm -rf node_modules/ && pnpm install --prod
## STAGE 3 // rebuild dependencies for alpine
FROM registry.gitlab.com/hosttoday/ht-docker-node:alpinenpmci as node3
WORKDIR /app
COPY --from=node2 /app /app
ARG NPMCI_TOKEN_NPM2
ENV NPMCI_TOKEN_NPM2 $NPMCI_TOKEN_NPM2
RUN npmci npm prepare
RUN pnpm config set store-dir .pnpm-store
RUN pnpm rebuild -r
## STAGE 4 // the final production image with all dependencies in place
FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine as node4
WORKDIR /app
COPY --from=node3 /app /app
### Healthchecks
RUN pnpm install -g @servezone/healthy
HEALTHCHECK --interval=30s --timeout=30s --start-period=30s --retries=3 CMD [ "healthy" ]
EXPOSE 80
CMD ["npm", "start"]

4
cli.child.ts Normal file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env node
process.env.CLI_CALL = 'true';
import * as cliTool from './ts/index.js';
cliTool.runCli();

4
cli.js Normal file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env node
process.env.CLI_CALL = 'true';
const cliTool = await import('./dist_ts/index.js');
cliTool.runCli();

5
cli.ts.js Normal file
View File

@ -0,0 +1,5 @@
#!/usr/bin/env node
process.env.CLI_CALL = 'true';
import * as tsrun from '@git.zone/tsrun';
tsrun.runPath('./cli.child.js', import.meta.url);

View File

@ -5,14 +5,29 @@
"githost": "code.foss.global", "githost": "code.foss.global",
"gitscope": "serve.zone", "gitscope": "serve.zone",
"gitrepo": "remoteingress", "gitrepo": "remoteingress",
"description": "a remoteingress service for serve.zone", "description": "Provides a service for creating private tunnels and reaching private clusters from the outside as part of the @serve.zone stack.",
"npmPackagename": "@serve.zone/remoteingress", "npmPackagename": "@serve.zone/remoteingress",
"license": "MIT", "license": "MIT",
"projectDomain": "serve.zone" "projectDomain": "serve.zone",
"keywords": [
"remote access",
"private tunnels",
"network security",
"TLS",
"connector",
"serve.zone",
"private clusters",
"public access",
"TypeScript",
"node.js"
]
} }
}, },
"npmci": { "npmci": {
"npmGlobalTools": [], "npmGlobalTools": [],
"npmAccessLevel": "public" "npmAccessLevel": "public"
},
"tsdoc": {
"legal": "\n## License and Legal Information\n\nThis repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. \n\n**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.\n\n### Trademarks\n\nThis project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.\n\n### Company Information\n\nTask Venture Capital GmbH \nRegistered at District court Bremen HRB 35230 HB, Germany\n\nFor any legal inquiries or if you require further information, please contact us via email at hello@task.vc.\n\nBy using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.\n"
} }
} }

View File

@ -2,7 +2,7 @@
"name": "@serve.zone/remoteingress", "name": "@serve.zone/remoteingress",
"version": "1.0.2", "version": "1.0.2",
"private": false, "private": false,
"description": "a remoteingress service for serve.zone", "description": "Provides a service for creating private tunnels and reaching private clusters from the outside as part of the @serve.zone stack.",
"main": "dist_ts/index.js", "main": "dist_ts/index.js",
"typings": "dist_ts/index.d.ts", "typings": "dist_ts/index.d.ts",
"type": "module", "type": "module",
@ -21,7 +21,9 @@
"@push.rocks/tapbundle": "^5.0.15", "@push.rocks/tapbundle": "^5.0.15",
"@types/node": "^20.8.7" "@types/node": "^20.8.7"
}, },
"dependencies": {}, "dependencies": {
"@push.rocks/qenv": "^6.0.5"
},
"repository": { "repository": {
"type": "git", "type": "git",
"url": "git+https://code.foss.global/serve.zone/remoteingress.git" "url": "git+https://code.foss.global/serve.zone/remoteingress.git"
@ -44,5 +46,17 @@
"cli.js", "cli.js",
"npmextra.json", "npmextra.json",
"readme.md" "readme.md"
],
"keywords": [
"remote access",
"private tunnels",
"network security",
"TLS",
"connector",
"serve.zone",
"private clusters",
"public access",
"TypeScript",
"node.js"
] ]
} }

167
pnpm-lock.yaml generated

File diff suppressed because it is too large Load Diff

3
readme.hints.md Normal file
View File

@ -0,0 +1,3 @@
* this module is part of the @serve.zone stack
* it is used to reach private clusters from outside
* it can be used to create private tunnels to private networks

103
readme.md
View File

@ -1,31 +1,88 @@
# @serve.zone/remoteingress # @serve.zone/remoteingress
a remoteingress service for serve.zone a remoteingress service for serve.zone
## Availabililty and Links ## Install
* [npmjs.org (npm package)](https://www.npmjs.com/package/@serve.zone/remoteingress) To install `@serve.zone/remoteingress`, use the following command in your terminal:
* [gitlab.com (source)](https://code.foss.global/serve.zone/remoteingress)
* [github.com (source mirror)](https://github.com/serve.zone/remoteingress)
* [docs (typedoc)](https://serve.zone.gitlab.io/remoteingress/)
## Status for master ```sh
npm install @serve.zone/remoteingress
```
Status Category | Status Badge This will download and install the remote ingress service and its dependencies in your project.
-- | --
GitLab Pipelines | [![pipeline status](https://code.foss.global/serve.zone/remoteingress/badges/master/pipeline.svg)](https://lossless.cloud)
GitLab Pipline Test Coverage | [![coverage report](https://code.foss.global/serve.zone/remoteingress/badges/master/coverage.svg)](https://lossless.cloud)
npm | [![npm downloads per month](https://badgen.net/npm/dy/@serve.zone/remoteingress)](https://lossless.cloud)
Snyk | [![Known Vulnerabilities](https://badgen.net/snyk/serve.zone/remoteingress)](https://lossless.cloud)
TypeScript Support | [![TypeScript](https://badgen.net/badge/TypeScript/>=%203.x/blue?icon=typescript)](https://lossless.cloud)
node Support | [![node](https://img.shields.io/badge/node->=%2010.x.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/)
Code Style | [![Code Style](https://badgen.net/badge/style/prettier/purple)](https://lossless.cloud)
PackagePhobia (total standalone install weight) | [![PackagePhobia](https://badgen.net/packagephobia/install/@serve.zone/remoteingress)](https://lossless.cloud)
PackagePhobia (package size on registry) | [![PackagePhobia](https://badgen.net/packagephobia/publish/@serve.zone/remoteingress)](https://lossless.cloud)
BundlePhobia (total size when bundled) | [![BundlePhobia](https://badgen.net/bundlephobia/minzip/@serve.zone/remoteingress)](https://lossless.cloud)
## Usage ## Usage
Use TypeScript for best in class intellisense The `@serve.zone/remoteingress` package is designed to aid in creating secure and private tunnels to private networks, allowing external access to services within a private cluster as part of the @serve.zone stack. To utilize this package, you should have a basic understanding of network protocols and Node.js.
For further information read the linked docs at the top of this readme.
## Legal ### Getting Started
> MIT licensed | **©** [Task Venture Capital GmbH](https://task.vc) First, ensure you have [Node.js](https://nodejs.org/) installed on your system and that your project is set up to support TypeScript.
| By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy)
You will need to import the main components of the package, which are `ConnectorPublic` and `ConnectorPrivate`, depending on the role your application is playing. Typically, `ConnectorPublic` would run on a public server accessible from the internet, while `ConnectorPrivate` runs inside a private network, creating a secure tunnel to the `ConnectorPublic` instance.
### Example Setup
#### Using `ConnectorPublic`
The `ConnectorPublic` part of the module is responsible for listening for incoming tunnel connections and forwarding requests to and from the `ConnectorPrivate` instance.
**Example `ConnectorPublic` Usage:**
```typescript
import { ConnectorPublic } from '@serve.zone/remoteingress';
// Initialize ConnectorPublic
const publicConnector = new ConnectorPublic();
```
The above code initializes the `ConnectorPublic`, making it listen for incoming tunnel connections. In practical use, you would need to provide configurations, such as SSL certificates, to secure the tunnel communication.
#### Using `ConnectorPrivate`
The `ConnectorPrivate` component establishes a connection to the `ConnectorPublic` and routes traffic between the public interface and the private network.
**Example `ConnectorPrivate` Usage:**
```typescript
import { ConnectorPrivate } from '@serve.zone/remoteingress';
// Initialize ConnectorPrivate with the host and port of the ConnectorPublic
const privateConnector = new ConnectorPrivate('public.example.com', 4000);
```
This example assumes your `ConnectorPublic` is accessible at `public.example.com` on port `4000`. The `ConnectorPrivate` will establish a secure tunnel to this public endpoint and begin routing traffic.
### Securely Setting Up The Tunnel
Security is paramount when creating tunnels that expose private networks. Ensure you use TLS encryption for your tunnels and validate certificates properly.
For both `ConnectorPublic` and `ConnectorPrivate`, you'll need to provide paths to your SSL certificate files or use a secure context set up with a recognized Certificate Authority (CA).
**Security best practices:**
- Always use TLS to encrypt tunnel traffic.
- Ensure your certificates are valid and up-to-date.
- Consider using client certificates for `ConnectorPrivate` to authenticate to `ConnectorPublic`.
- Monitor and possibly rate-limit connections to avoid abuse.
### Advanced Configuration
Both `ConnectorPublic` and `ConnectorPrivate` allow for advanced configurations and handling to adjust to specific requirements, such as custom routing, handling different types of traffic (e.g., HTTP, HTTPS), and integrating with existing systems.
### Conclusion
This module simplifies the process of setting up secure, remote ingress into private networks. By leveraging TLS and careful configuration, you can safely expose services within a private cluster to the outside world. Always prioritize security in your setup to protect your infrastructure and data.
For more detailed configuration options and advanced use cases, refer to the source code and additional documentation provided in the package.
## License and Legal Information
This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.
**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
### Trademarks
This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.
### Company Information
Task Venture Capital GmbH
Registered at District court Bremen HRB 35230 HB, Germany
For any legal inquiries or if you require further information, please contact us via email at hello@task.vc.
By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.

View File

@ -3,6 +3,6 @@
*/ */
export const commitinfo = { export const commitinfo = {
name: '@serve.zone/remoteingress', name: '@serve.zone/remoteingress',
version: '1.0.2', version: '1.0.3',
description: 'a remoteingress service for serve.zone' description: 'Provides a service for creating private tunnels and reaching private clusters from the outside as part of the @serve.zone stack.'
} }

View File

@ -1,10 +1,10 @@
import * as tls from 'tls'; import * as plugins from './plugins.js';
export class ConnectorPrivate { export class ConnectorPrivate {
private targetHost: string; private targetHost: string;
private targetPort: number; private targetPort: number;
constructor(targetHost: string, targetPort: number) { constructor(targetHost: string, targetPort: number = 4000) {
this.targetHost = targetHost; this.targetHost = targetHost;
this.targetPort = targetPort; this.targetPort = targetPort;
this.connectToPublicRemoteConnector(); this.connectToPublicRemoteConnector();
@ -12,15 +12,27 @@ export class ConnectorPrivate {
private connectToPublicRemoteConnector(): void { private connectToPublicRemoteConnector(): void {
const options = { const options = {
// If your server requires client certificate authentication, you can specify key and cert here as well // Include CA certificate if necessary, for example:
// ca: fs.readFileSync('path/to/ca.pem'),
rejectUnauthorized: true // Only set this to true if you are sure about the server's certificate
}; };
const tunnel = tls.connect({ port: 4000, ...options }, () => { const tunnel = plugins.tls.connect(this.targetPort, options, () => {
console.log('Connected to PublicRemoteConnector on port 4000'); console.log('Connected to PublicRemoteConnector on port 4000');
}); });
tunnel.on('data', (data: Buffer) => { tunnel.on('data', (data: Buffer) => {
// Similar logic for forwarding data to and from the target const targetConnection = plugins.tls.connect({
host: this.targetHost,
port: this.targetPort,
// Include necessary options for the target connection
}, () => {
targetConnection.write(data);
});
targetConnection.on('data', (backData: Buffer) => {
tunnel.write(backData); // Send data back through the tunnel
});
}); });
} }
} }

View File

@ -1,8 +1,7 @@
import * as tls from 'tls'; import * as plugins from './plugins.js';
import * as fs from 'fs';
export class ConnectorPublic { class PublicRemoteConnector {
private tunnel: tls.TLSSocket | null = null; private tunnel: plugins.tls.TLSSocket | null = null;
constructor() { constructor() {
this.createTunnel(); this.createTunnel();
@ -11,11 +10,11 @@ export class ConnectorPublic {
private createTunnel(): void { private createTunnel(): void {
const options = { const options = {
key: fs.readFileSync('path/to/key.pem'), key: plugins.fs.readFileSync('path/to/key.pem'),
cert: fs.readFileSync('path/to/cert.pem') cert: plugins.fs.readFileSync('path/to/cert.pem'),
}; };
const server = tls.createServer(options, (socket: tls.TLSSocket) => { const server = plugins.tls.createServer(options, (socket: plugins.tls.TLSSocket) => {
this.tunnel = socket; this.tunnel = socket;
console.log('Tunnel established with LocalConnector'); console.log('Tunnel established with LocalConnector');
}); });
@ -26,7 +25,21 @@ export class ConnectorPublic {
} }
private listenOnPorts(): void { private listenOnPorts(): void {
// Implement similar logic for listening on ports 80 and 443 // Example for port 80, adapt for port 443 similarly
// Keep in mind you may need to adjust how you handle secure and non-secure traffic // Note: TLS for the initial connection might not apply directly for HTTP/HTTPS traffic without additional setup
const options = {
key: plugins.fs.readFileSync('path/to/key.pem'),
cert: plugins.fs.readFileSync('path/to/cert.pem'),
};
plugins.tls.createServer(options, (socket: plugins.tls.TLSSocket) => {
console.log('Received connection, tunneling to LocalConnector');
if (this.tunnel) {
socket.pipe(this.tunnel).pipe(socket);
} else {
console.log('Tunnel to LocalConnector not established');
socket.end();
}
}).listen(80); // Repeat this block for any other ports you wish to listen on
} }
} }

View File

@ -1,3 +1,14 @@
import * as plugins from './remoteingress.plugins.js'; import * as plugins from './plugins.js';
export let demoExport = 'Hi there! :) This is an exported string'; import { ConnectorPublic } from './connector.public.js';
import { ConnectorPrivate } from './connector.private.js';
export {
ConnectorPublic,
ConnectorPrivate
}
export const runCli = async () => {
const qenv = new plugins.qenv.Qenv();
const mode = await qenv.getEnvVarOnDemand('MODE');
}

15
ts/plugins.ts Normal file
View File

@ -0,0 +1,15 @@
// node native scope
import * as tls from 'tls';
import * as fs from 'fs';
export {
tls,
fs,
}
// @push.rocks scope
import * as qenv from '@push.rocks/qenv';
export {
qenv,
}

View File

@ -1,4 +0,0 @@
const removeme = {};
export {
removeme
}