fix(core): update
parent
0fb7788b97
commit
c8fe27143c
@ -5,7 +5,7 @@
|
|||||||
"githost": "code.foss.global",
|
"githost": "code.foss.global",
|
||||||
"gitscope": "serve.zone",
|
"gitscope": "serve.zone",
|
||||||
"gitrepo": "remoteingress",
|
"gitrepo": "remoteingress",
|
||||||
"description": "Provides a service for creating private tunnels and reaching private clusters from the outside as part of the @serve.zone stack.",
|
"description": "Provides a service for creating private tunnels and reaching private clusters from the outside, facilitating secure remote access as part of the @serve.zone stack.",
|
||||||
"npmPackagename": "@serve.zone/remoteingress",
|
"npmPackagename": "@serve.zone/remoteingress",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"projectDomain": "serve.zone",
|
"projectDomain": "serve.zone",
|
||||||
@ -13,13 +13,18 @@
|
|||||||
"remote access",
|
"remote access",
|
||||||
"private tunnels",
|
"private tunnels",
|
||||||
"network security",
|
"network security",
|
||||||
"TLS",
|
"TLS encryption",
|
||||||
"connector",
|
"connector",
|
||||||
"serve.zone",
|
"serve.zone stack",
|
||||||
"private clusters",
|
"private clusters access",
|
||||||
"public access",
|
"public access management",
|
||||||
"TypeScript",
|
"TypeScript application",
|
||||||
"node.js"
|
"node.js package",
|
||||||
|
"secure communications",
|
||||||
|
"TLS/SSL certificates",
|
||||||
|
"development tools",
|
||||||
|
"software development",
|
||||||
|
"private network integration"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
19
package.json
19
package.json
@ -2,7 +2,7 @@
|
|||||||
"name": "@serve.zone/remoteingress",
|
"name": "@serve.zone/remoteingress",
|
||||||
"version": "1.0.3",
|
"version": "1.0.3",
|
||||||
"private": false,
|
"private": false,
|
||||||
"description": "Provides a service for creating private tunnels and reaching private clusters from the outside as part of the @serve.zone stack.",
|
"description": "Provides a service for creating private tunnels and reaching private clusters from the outside, facilitating secure remote access as part of the @serve.zone stack.",
|
||||||
"main": "dist_ts/index.js",
|
"main": "dist_ts/index.js",
|
||||||
"typings": "dist_ts/index.d.ts",
|
"typings": "dist_ts/index.d.ts",
|
||||||
"type": "module",
|
"type": "module",
|
||||||
@ -51,12 +51,17 @@
|
|||||||
"remote access",
|
"remote access",
|
||||||
"private tunnels",
|
"private tunnels",
|
||||||
"network security",
|
"network security",
|
||||||
"TLS",
|
"TLS encryption",
|
||||||
"connector",
|
"connector",
|
||||||
"serve.zone",
|
"serve.zone stack",
|
||||||
"private clusters",
|
"private clusters access",
|
||||||
"public access",
|
"public access management",
|
||||||
"TypeScript",
|
"TypeScript application",
|
||||||
"node.js"
|
"node.js package",
|
||||||
|
"secure communications",
|
||||||
|
"TLS/SSL certificates",
|
||||||
|
"development tools",
|
||||||
|
"software development",
|
||||||
|
"private network integration"
|
||||||
]
|
]
|
||||||
}
|
}
|
85
readme.md
85
readme.md
@ -1,72 +1,91 @@
|
|||||||
# @serve.zone/remoteingress
|
# @serve.zone/remoteingress
|
||||||
a remoteingress service for serve.zone
|
|
||||||
|
Provides a service for creating private tunnels and reaching private clusters from the outside as part of the @serve.zone stack.
|
||||||
|
|
||||||
## Install
|
## Install
|
||||||
To install `@serve.zone/remoteingress`, use the following command in your terminal:
|
|
||||||
|
To install `@serve.zone/remoteingress`, run the following command in your terminal:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
npm install @serve.zone/remoteingress
|
npm install @serve.zone/remoteingress
|
||||||
```
|
```
|
||||||
|
|
||||||
This will download and install the remote ingress service and its dependencies in your project.
|
This command will download and install the remoteingress package and its dependencies into your project.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
The `@serve.zone/remoteingress` package is designed to aid in creating secure and private tunnels to private networks, allowing external access to services within a private cluster as part of the @serve.zone stack. To utilize this package, you should have a basic understanding of network protocols and Node.js.
|
|
||||||
|
|
||||||
### Getting Started
|
`@serve.zone/remoteingress` is designed to facilitate the creation of secure private tunnels and enable access to private clusters from external sources, offering an integral part of the @serve.zone stack infrastructure. Below, we illustrate how to employ this package within your project, leveraging TypeScript and ESM syntax for modern, type-safe, and modular code.
|
||||||
First, ensure you have [Node.js](https://nodejs.org/) installed on your system and that your project is set up to support TypeScript.
|
|
||||||
|
|
||||||
You will need to import the main components of the package, which are `ConnectorPublic` and `ConnectorPrivate`, depending on the role your application is playing. Typically, `ConnectorPublic` would run on a public server accessible from the internet, while `ConnectorPrivate` runs inside a private network, creating a secure tunnel to the `ConnectorPublic` instance.
|
### Prerequisites
|
||||||
|
|
||||||
### Example Setup
|
Ensure that you have Node.js and TypeScript installed in your environment. Your project should be set up with TypeScript support, and you might want to familiarize yourself with basic networking concepts and TLS/SSL for secure communication.
|
||||||
|
|
||||||
#### Using `ConnectorPublic`
|
### Importing and Initializing Connectors
|
||||||
The `ConnectorPublic` part of the module is responsible for listening for incoming tunnel connections and forwarding requests to and from the `ConnectorPrivate` instance.
|
|
||||||
|
|
||||||
**Example `ConnectorPublic` Usage:**
|
`@serve.zone/remoteingress` offers two primary components: `ConnectorPublic` and `ConnectorPrivate`. Here's how to use them:
|
||||||
|
|
||||||
|
#### Setup ConnectorPublic
|
||||||
|
|
||||||
|
`ConnectorPublic` acts as a gateway, accepting incoming tunnel connections from `ConnectorPrivate` instances and facilitating secure communication between the internet and your private network.
|
||||||
|
|
||||||
```typescript
|
```typescript
|
||||||
import { ConnectorPublic } from '@serve.zone/remoteingress';
|
import { ConnectorPublic } from '@serve.zone/remoteingress';
|
||||||
|
|
||||||
// Initialize ConnectorPublic
|
// Initialize ConnectorPublic
|
||||||
const publicConnector = new ConnectorPublic();
|
const publicConnector = new ConnectorPublic({
|
||||||
|
tlsOptions: {
|
||||||
|
key: fs.readFileSync("<path-to-your-tls/key.pem>"),
|
||||||
|
cert: fs.readFileSync("<path-to-your-cert/cert.pem>"),
|
||||||
|
// Consider including 'ca' and 'passphrase' if required for your setup
|
||||||
|
},
|
||||||
|
listenPort: 443 // Example listen port; adjust based on your needs
|
||||||
|
});
|
||||||
```
|
```
|
||||||
|
|
||||||
The above code initializes the `ConnectorPublic`, making it listen for incoming tunnel connections. In practical use, you would need to provide configurations, such as SSL certificates, to secure the tunnel communication.
|
#### Setup ConnectorPrivate
|
||||||
|
|
||||||
#### Using `ConnectorPrivate`
|
`ConnectorPrivate` establishes a secure tunnel to `ConnectorPublic`, effectively bridging your internal services with the external point of access.
|
||||||
The `ConnectorPrivate` component establishes a connection to the `ConnectorPublic` and routes traffic between the public interface and the private network.
|
|
||||||
|
|
||||||
**Example `ConnectorPrivate` Usage:**
|
|
||||||
|
|
||||||
```typescript
|
```typescript
|
||||||
import { ConnectorPrivate } from '@serve.zone/remoteingress';
|
import { ConnectorPrivate } from '@serve.zone/remoteingress';
|
||||||
|
|
||||||
// Initialize ConnectorPrivate with the host and port of the ConnectorPublic
|
// Initialize ConnectorPrivate pointing to your ConnectorPublic instance
|
||||||
const privateConnector = new ConnectorPrivate('public.example.com', 4000);
|
const privateConnector = new ConnectorPrivate({
|
||||||
|
publicHost: 'your.public.domain.tld',
|
||||||
|
publicPort: 443, // Ensure this matches the listening port of ConnectorPublic
|
||||||
|
tlsOptions: {
|
||||||
|
// You might want to specify TLS options here, similar to ConnectorPublic
|
||||||
|
}
|
||||||
|
});
|
||||||
```
|
```
|
||||||
|
|
||||||
This example assumes your `ConnectorPublic` is accessible at `public.example.com` on port `4000`. The `ConnectorPrivate` will establish a secure tunnel to this public endpoint and begin routing traffic.
|
### Secure Communication
|
||||||
|
|
||||||
### Securely Setting Up The Tunnel
|
It's imperative to ensure that the communication between `ConnectorPublic` and `ConnectorPrivate` is secure:
|
||||||
Security is paramount when creating tunnels that expose private networks. Ensure you use TLS encryption for your tunnels and validate certificates properly.
|
|
||||||
|
|
||||||
For both `ConnectorPublic` and `ConnectorPrivate`, you'll need to provide paths to your SSL certificate files or use a secure context set up with a recognized Certificate Authority (CA).
|
- Always use valid TLS certificates.
|
||||||
|
- Prefer using certificates issued by recognized Certificate Authorities (CA).
|
||||||
|
- Optionally, configure mutual TLS (mTLS) by requiring client certificates for an added layer of security.
|
||||||
|
|
||||||
**Security best practices:**
|
### Advanced Usage
|
||||||
|
|
||||||
- Always use TLS to encrypt tunnel traffic.
|
Both connectors can be finely tuned:
|
||||||
- Ensure your certificates are valid and up-to-date.
|
|
||||||
- Consider using client certificates for `ConnectorPrivate` to authenticate to `ConnectorPublic`.
|
|
||||||
- Monitor and possibly rate-limit connections to avoid abuse.
|
|
||||||
|
|
||||||
### Advanced Configuration
|
- **Logging and Monitoring:** Integrate with your existing logging and monitoring systems to keep tabs on tunnel activity, performance metrics, and potential security anomalies.
|
||||||
Both `ConnectorPublic` and `ConnectorPrivate` allow for advanced configurations and handling to adjust to specific requirements, such as custom routing, handling different types of traffic (e.g., HTTP, HTTPS), and integrating with existing systems.
|
|
||||||
|
|
||||||
### Conclusion
|
- **Custom Handlers:** Implement custom traffic handling logic for specialized routing, filtering, or protocol-specific processing.
|
||||||
This module simplifies the process of setting up secure, remote ingress into private networks. By leveraging TLS and careful configuration, you can safely expose services within a private cluster to the outside world. Always prioritize security in your setup to protect your infrastructure and data.
|
|
||||||
|
|
||||||
For more detailed configuration options and advanced use cases, refer to the source code and additional documentation provided in the package.
|
- **Automation:** Automate the deployment and scaling of both `ConnectorPublic` and `ConnectorPrivate` instances using infrastructure-as-code (IAC) tools and practices, ensuring that your tunneling infrastructure can dynamically adapt to the ever-changing needs of your services.
|
||||||
|
|
||||||
|
### Example Scenarios
|
||||||
|
|
||||||
|
1. **Securing Application APIs:** Use `@serve.zone/remoteingress` to expose private APIs to your frontend deployed on a public cloud, ensuring that only your infrastructure can access these endpoints.
|
||||||
|
|
||||||
|
2. **Remote Database Access:** Securely access databases within a private VPC from your local development machine without opening direct access to the internet.
|
||||||
|
|
||||||
|
3. **Service Mesh Integration:** Integrate `@serve.zone/remoteingress` as part of a service mesh setup to securely connect services across multiple clusters with robust identity and encryption at the tunnel level.
|
||||||
|
|
||||||
|
For detailed documentation, API references, and additional use cases, please refer to the inline documentation and source code within the package. Always prioritize security and robustness when dealing with network ingress to protect your infrastructure and data from unauthorized access and threats.
|
||||||
|
|
||||||
## License and Legal Information
|
## License and Legal Information
|
||||||
|
|
||||||
|
@ -3,6 +3,6 @@
|
|||||||
*/
|
*/
|
||||||
export const commitinfo = {
|
export const commitinfo = {
|
||||||
name: '@serve.zone/remoteingress',
|
name: '@serve.zone/remoteingress',
|
||||||
version: '1.0.3',
|
version: '1.0.4',
|
||||||
description: 'Provides a service for creating private tunnels and reaching private clusters from the outside as part of the @serve.zone stack.'
|
description: 'Provides a service for creating private tunnels and reaching private clusters from the outside, facilitating secure remote access as part of the @serve.zone stack.'
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
import * as plugins from './plugins.js';
|
import * as plugins from './plugins.js';
|
||||||
|
|
||||||
class PublicRemoteConnector {
|
export class ConnectorPublic {
|
||||||
private tunnel: plugins.tls.TLSSocket | null = null;
|
private tunnel: plugins.tls.TLSSocket | null = null;
|
||||||
|
|
||||||
constructor() {
|
constructor() {
|
||||||
|
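Review bot: The renamed and now exported `ConnectorPublic` class still declares `constructor() {` with no parameters, while the readme updated in this same commit documents `new ConnectorPublic({ tlsOptions: { key, cert }, listenPort: 443 })`. If the signature really takes no options, a caller following the readme gets a TypeScript compile error, and a plain JavaScript caller has the key, certificate and port silently ignored, so they may believe the tunnel is using their TLS material when it is not. Either accept the options here, for example `constructor(optionsArg: { tlsOptions: plugins.tls.TlsOptions; listenPort: number }) {`, and apply them when the TLS server is created, or limit the readme example to what the class supports. The constructor body lies outside the hunk, so this rests on the visible signature alone.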