telebit-relay.js/README.md

<!-- BANNER_TPL_BEGIN -->

About Daplie: We're taking back the Internet!
--------------

Down with Google, Apple, and Facebook!

We're re-decentralizing the web and making it read-write again - one home cloud system at a time.

Tired of serving the Empire? Come join the Rebel Alliance:

<a href="mailto:jobs@daplie.com">jobs@daplie.com</a> | [Invest in Daplie on Wefunder](https://daplie.com/invest/) | [Pre-order Cloud](https://daplie.com/preorder/), The World's First Home Server for Everyone

<!-- BANNER_TPL_END -->

# stunneld.js

A server that works in combination with [stunnel.js](https://github.com/Daplie/node-tunnel-client)
to allow you to serve http and https from any computer, anywhere through a secure tunnel.

CLI
===

Installs as `stunnel.js` with the alias `jstunnel`
(for those that regularly use `stunnel` but still like commandline completion).

### Install

```bash
npm install -g stunneld
```

### Advanced Usage

How to use `stunnel.js` with your own instance of `stunneld.js`:

```bash
stunneld.js --servernames tunnel.example.com --protocols wss --secret abc123
```

Options

```
--secret          the same secret used by stunnel client (used for authentication)
--serve           comma separated list of <proto>:<servername>:<port> to which
                  incoming http and https should be forwarded
```

### Privileged Ports without sudo

```bash
# Linux
sudo setcap 'cap_net_bind_service=+ep' $(which node)
```

### Alterntive Methods

**NOT YET IMPLEMENTED**

We created this for anyone to use on their own server or VPS,
but those generally cost $5 - $20 / month and so it's probably
cheaper to purchase data transfer (which we supply, obviously),
which is only $1/month for most people.

Just use the client ([stunnel.js](https://github.com/Daplie/node-tunnel-client))
with Daplie's tunneling service (the default) and save yourself the monthly fee
by only paying for the data you need.

	* Daplie Tunnel (zero setup)
	* Heroku (zero cost)
	* Chunk Host (best deal per TB/month)

Security
========

The bottom line: As with everything in life, there is no such thing as anonymity
or absolute security. Only use stunneld services that you trust. :D

Even though the traffic is encrypted end-to-end, you can't just trust any stunneld service
willy-nilly.

A man-in-the-middle attack is possible using Let's Encrypt since an evil stunneld service
would be able to complete the http-01 and tls-sni-01 challenges without a problem
(since that's where your DNS is pointed when you use the service).

Also, the traffic could still be copied and stored for decryption is some era when quantum
computers exist (probably never).
auto-update banner 2016-12-30 02:41:22 -07:00			`<!-- BANNER_TPL_BEGIN -->`
auto-update ad 2016-12-30 02:23:12 -07:00
			`About Daplie: We're taking back the Internet!`
Update README.md 2016-11-25 10:36:14 -07:00			`--------------`

auto-update ad 2016-12-30 02:23:12 -07:00			`Down with Google, Apple, and Facebook!`

			`We're re-decentralizing the web and making it read-write again - one home cloud system at a time.`

			`Tired of serving the Empire? Come join the Rebel Alliance:`
Update README.md 2016-11-25 10:36:14 -07:00
auto-update ad 2016-12-30 02:23:12 -07:00			`<a href="mailto:jobs@daplie.com">jobs@daplie.com</a> \| [Invest in Daplie on Wefunder](https://daplie.com/invest/) \| [Pre-order Cloud](https://daplie.com/preorder/), The World's First Home Server for Everyone`
Update README.md 2016-11-25 10:36:14 -07:00
auto-update banner 2016-12-30 02:41:22 -07:00			`<!-- BANNER_TPL_END -->`
Update README.md 2016-11-25 10:36:14 -07:00
updates 2016-09-30 18:49:08 -04:00			`# stunneld.js`

			`A server that works in combination with [stunnel.js](https://github.com/Daplie/node-tunnel-client)`
			`to allow you to serve http and https from any computer, anywhere through a secure tunnel.`

			`CLI`
			`===`

			Installs as `stunnel.js` with the alias `jstunnel`
			(for those that regularly use `stunnel` but still like commandline completion).

			`### Install`

			```bash
Update README.md 2017-05-25 14:50:51 -06:00			`npm install -g stunneld`
updates 2016-09-30 18:49:08 -04:00			```

			`### Advanced Usage`

			How to use `stunnel.js` with your own instance of `stunneld.js`:

			```bash
cleanup 2016-10-01 02:39:20 -04:00			`stunneld.js --servernames tunnel.example.com --protocols wss --secret abc123`
updates 2016-09-30 18:49:08 -04:00			```

			`Options`

			```
			`--secret the same secret used by stunnel client (used for authentication)`
			`--serve comma separated list of <proto>:<servername>:<port> to which`
			`incoming http and https should be forwarded`
			```

cleanup 2016-10-01 02:39:20 -04:00			`### Privileged Ports without sudo`

			```bash
			`# Linux`
			`sudo setcap 'cap_net_bind_service=+ep' $(which node)`
			```

updates 2016-09-30 18:49:08 -04:00			`### Alterntive Methods`

			`NOT YET IMPLEMENTED`

			`We created this for anyone to use on their own server or VPS,`
			`but those generally cost $5 - $20 / month and so it's probably`
			`cheaper to purchase data transfer (which we supply, obviously),`
			`which is only $1/month for most people.`

			`Just use the client ([stunnel.js](https://github.com/Daplie/node-tunnel-client))`
			`with Daplie's tunneling service (the default) and save yourself the monthly fee`
			`by only paying for the data you need.`

			`* Daplie Tunnel (zero setup)`
			`* Heroku (zero cost)`
			`* Chunk Host (best deal per TB/month)`

			`Security`
			`========`

			`The bottom line: As with everything in life, there is no such thing as anonymity`
			`or absolute security. Only use stunneld services that you trust. :D`

			`Even though the traffic is encrypted end-to-end, you can't just trust any stunneld service`
			`willy-nilly.`

			`A man-in-the-middle attack is possible using Let's Encrypt since an evil stunneld service`
			`would be able to complete the http-01 and tls-sni-01 challenges without a problem`
			`(since that's where your DNS is pointed when you use the service).`

			`Also, the traffic could still be copied and stored for decryption is some era when quantum`
			`computers exist (probably never).`