telebit.js/README.md

| Sponsored by [ppl](https://ppl.family) | [tunnel-server.js](https://git.coolaj86.com/coolaj86/tunnel-server.js) | **tunnel-client.js** |

# stunnel.js

A client that works in combination with [stunneld.js](https://git.coolaj86.com/coolaj86/tunnel-server.js)
to allow you to serve http and https from any computer, anywhere through a secure tunnel.

* CLI
* Library

CLI
===

Installs as `stunnel.js` with the alias `jstunnel`
(for those that regularly use `stunnel` but still like commandline completion).

### Install

```bash
npm install -g 'git+https://git@git.coolaj86.com/coolaj86/tunnel-client.js.git#v1'
```

Or if you want to bow down to the kings of the centralized dictator-net:

```bash
npm install -g stunnel
```

### Usage with OAuth3.org

The OAuth3.org tunnel service is in Beta.

**Terms of Service**: The Software and Services shall be used for Good, not Evil.
Examples of good: education, business, pleasure. Examples of evil: crime, abuse, extortion.

```bash
stunnel.js --agree-tos --email john@example.com --locals http:*:4080,https:*:8443 --device
```

```bash
stunnel.js \
  --agree-tos --email <EMAIL> \
  --locals <List of <SCHEME>:<EXTERNAL_DOMAINNAME>:<INTERNAL_PORT>> \
  --device [HOSTNAME] \
  --domains [Comma-separated list of domains to attach to device] \
  --oauth3-url <Tunnel Service OAuth3 URL>
```

### Advanced Usage (DIY)

How to use `stunnel.js` with your own instance of `stunneld.js`:

```bash
stunnel.js \
  --locals <<external domain name>> \
  --stunneld wss://<<tunnel domain>>:<<tunnel port>> \
  --secret <<128-bit hex key>>
```

```bash
stunnel.js --locals john.example.com --stunneld wss://tunnel.example.com:443 --secret abc123
```

```bash
stunnel.js \
  --locals <<protocol>>:<<external domain name>>:<<local port>> \
  --stunneld wss://<<tunnel domain>>:<<tunnel port>> \
  --secret <<128-bit hex key>>
```

```bash
stunnel.js \
  --locals http:john.example.com:3000,https:john.example.com \
  --stunneld wss://tunnel.example.com:443 \
  --secret abc123
```

```
--secret          the same secret used by stunneld (used for authentication)
--locals          comma separated list of <proto>:<servername>:<port> to which
                  incoming http and https should be forwarded
--stunneld        the domain or ip address at which you are running stunneld.js
-k, --insecure    ignore invalid ssl certificates from stunneld
```

Library
=======

### Example

```javascript
var stunnel = require('stunnel');

stunnel.connect({
  stunneld: 'wss://tunnel.example.com'
, token: '...'
, locals: [
    // defaults to sending http to local port 80 and https to local port 443
    { hostname: 'doe.net' }

    // sends both http and https to local port 3000 (httpolyglot)
  , { protocol: 'https', hostname: 'john.doe.net', port: 3000 }

    // send http to local port 4080 and https to local port 8443
  , { protocol: 'https', hostname: 'jane.doe.net', port: 4080 }
  , { protocol: 'https', hostname: 'jane.doe.net', port: 8443 }
  ]

, net: require('net')
, insecure: false
});
```

* You can get sneaky with `net` and provide a `createConnection` that returns a `stream.Duplex`.

### Token

```javascript
var tokenData = { domains: [ 'doe.net', 'john.doe.net', 'jane.doe.net' ] }
var secret = 'shhhhh';
var token = jwt.sign(tokenData, secret);
```

### net

Let's say you want to handle http requests in-process
or decrypt https before passing it to the local http handler.

You'll need to create a pair of streams to connect between the
local handler and the tunnel handler.

You could do a little magic like this:

```js
stunnel.connect({
  // ...
, net: {
  createConnection: function (info, cb) {
    // data is the hello packet / first chunk
    // info = { data, servername, port, host, remoteAddress: { family, address, port } }

    var streamPair = require('stream-pair');

    // here "reader" means the socket that looks like the connection being accepted
    var writer = streamPair.create();
    // here "writer" means the remote-looking part of the socket that driving the connection
    var reader = writer.other;
    // duplex = { write, push, end, events: [ 'readable', 'data', 'error', 'end' ] };

    reader.remoteFamily = info.remoteFamily;
    reader.remoteAddress = info.remoteAddress;
    reader.remotePort = info.remotePort;

    // socket.local{Family,Address,Port}
    reader.localFamily = 'IPv4';
    reader.localAddress = '127.0.01';
    reader.localPort = info.port;

    httpsServer.emit('connection', reader);

    if (cb) {
      process.nextTick(cb);
    }

    return writer;
  }
});
```
update links 2018-04-24 01:54:39 +00:00			`\| Sponsored by [ppl](https://ppl.family) \| [tunnel-server.js](https://git.coolaj86.com/coolaj86/tunnel-server.js) \| tunnel-client.js \|`
update links 2018-04-24 01:54:21 +00:00
moving towards release 2016-09-30 12:33:38 -04:00			`# stunnel.js`

update README.md 2018-02-14 23:27:15 -07:00			`A client that works in combination with [stunneld.js](https://git.coolaj86.com/coolaj86/tunnel-server.js)`
detail 2016-09-30 18:07:26 -04:00			`to allow you to serve http and https from any computer, anywhere through a secure tunnel.`
moving towards release 2016-09-30 12:33:38 -04:00
update docs, refactor 2016-10-06 15:01:58 -06:00			`* CLI`
			`* Library`

moving towards release 2016-09-30 12:33:38 -04:00			`CLI`
			`===`

			Installs as `stunnel.js` with the alias `jstunnel`
			(for those that regularly use `stunnel` but still like commandline completion).

			`### Install`

install via git 2017-04-05 16:36:01 -06:00			```bash
update README.md 2018-02-14 23:27:15 -07:00			`npm install -g 'git+https://git@git.coolaj86.com/coolaj86/tunnel-client.js.git#v1'`
install via git 2017-04-05 16:36:01 -06:00			```

			`Or if you want to bow down to the kings of the centralized dictator-net:`

moving towards release 2016-09-30 12:33:38 -04:00			```bash
			`npm install -g stunnel`
			```

get domains by device 2017-03-28 15:31:45 -06:00			`### Usage with OAuth3.org`

update README.md 2018-02-14 23:27:15 -07:00			`The OAuth3.org tunnel service is in Beta.`
get domains by device 2017-03-28 15:31:45 -06:00
			`Terms of Service: The Software and Services shall be used for Good, not Evil.`
			`Examples of good: education, business, pleasure. Examples of evil: crime, abuse, extortion.`

			```bash
			`stunnel.js --agree-tos --email john@example.com --locals http::4080,https::8443 --device`
			```

			```bash
			`stunnel.js \`
			`--agree-tos --email <EMAIL> \`
			`--locals <List of <SCHEME>:<EXTERNAL_DOMAINNAME>:<INTERNAL_PORT>> \`
			`--device [HOSTNAME] \`
			`--domains [Comma-separated list of domains to attach to device] \`
			`--oauth3-url <Tunnel Service OAuth3 URL>`
			```

			`### Advanced Usage (DIY)`
moving towards release 2016-09-30 12:33:38 -04:00
			How to use `stunnel.js` with your own instance of `stunneld.js`:

add simple tunnel usage 2017-03-26 01:37:26 -06:00			```bash
			`stunnel.js \`
			`--locals <<external domain name>> \`
			`--stunneld wss://<<tunnel domain>>:<<tunnel port>> \`
			`--secret <<128-bit hex key>>`
			```

moving towards release 2016-09-30 12:33:38 -04:00			```bash
add another example 2016-10-06 15:16:21 -06:00			`stunnel.js --locals john.example.com --stunneld wss://tunnel.example.com:443 --secret abc123`
			```

add simple tunnel usage 2017-03-26 01:37:26 -06:00			```bash
			`stunnel.js \`
			`--locals <<protocol>>:<<external domain name>>:<<local port>> \`
			`--stunneld wss://<<tunnel domain>>:<<tunnel port>> \`
			`--secret <<128-bit hex key>>`
			```

add another example 2016-10-06 15:16:21 -06:00			```bash
			`stunnel.js \`
			`--locals http:john.example.com:3000,https:john.example.com \`
			`--stunneld wss://tunnel.example.com:443 \`
			`--secret abc123`
moving towards release 2016-09-30 12:33:38 -04:00			```

			```
			`--secret the same secret used by stunneld (used for authentication)`
			`--locals comma separated list of <proto>:<servername>:<port> to which`
			`incoming http and https should be forwarded`
			`--stunneld the domain or ip address at which you are running stunneld.js`
			`-k, --insecure ignore invalid ssl certificates from stunneld`
			```

update docs, refactor 2016-10-06 15:01:58 -06:00			`Library`
			`=======`

			`### Example`

			```javascript
			`var stunnel = require('stunnel');`

			`stunnel.connect({`
			`stunneld: 'wss://tunnel.example.com'`
			`, token: '...'`
			`, locals: [`
			`// defaults to sending http to local port 80 and https to local port 443`
			`{ hostname: 'doe.net' }`

			`// sends both http and https to local port 3000 (httpolyglot)`
			`, { protocol: 'https', hostname: 'john.doe.net', port: 3000 }`

			`// send http to local port 4080 and https to local port 8443`
			`, { protocol: 'https', hostname: 'jane.doe.net', port: 4080 }`
			`, { protocol: 'https', hostname: 'jane.doe.net', port: 8443 }`
			`]`

			`, net: require('net')`
			`, insecure: false`
			`});`
			```

fix streams -> stream typo 2016-10-11 15:39:06 -06:00			* You can get sneaky with `net` and provide a `createConnection` that returns a `stream.Duplex`.
update docs, refactor 2016-10-06 15:01:58 -06:00
			`### Token`

			```javascript
			`var tokenData = { domains: [ 'doe.net', 'john.doe.net', 'jane.doe.net' ] }`
			`var secret = 'shhhhh';`
			`var token = jwt.sign(tokenData, secret);`
			```

			`### net`

			`Let's say you want to handle http requests in-process`
			`or decrypt https before passing it to the local http handler.`
fix paired-duplex example 2016-10-11 14:49:52 -06:00
			`You'll need to create a pair of streams to connect between the`
			`local handler and the tunnel handler.`

update docs, refactor 2016-10-06 15:01:58 -06:00			`You could do a little magic like this:`

syntax hl 2016-12-19 09:31:35 -07:00			```js
update docs, refactor 2016-10-06 15:01:58 -06:00			`stunnel.connect({`
			`// ...`
			`, net: {`
			`createConnection: function (info, cb) {`
			`// data is the hello packet / first chunk`
			`// info = { data, servername, port, host, remoteAddress: { family, address, port } }`

use stream-pair, which actually does what we want 2017-04-28 03:03:07 +00:00			`var streamPair = require('stream-pair');`
update README.md 2018-02-14 23:27:15 -07:00
clarify myDuplex => reader, myDuplex2 => writer 2017-04-28 02:47:41 +00:00			`// here "reader" means the socket that looks like the connection being accepted`
use stream-pair, which actually does what we want 2017-04-28 03:03:07 +00:00			`var writer = streamPair.create();`
clarify myDuplex => reader, myDuplex2 => writer 2017-04-28 02:47:41 +00:00			`// here "writer" means the remote-looking part of the socket that driving the connection`
use stream-pair, which actually does what we want 2017-04-28 03:03:07 +00:00			`var reader = writer.other;`
fix paired-duplex example 2016-10-11 14:49:52 -06:00			`// duplex = { write, push, end, events: [ 'readable', 'data', 'error', 'end' ] };`

clarify myDuplex => reader, myDuplex2 => writer 2017-04-28 02:47:41 +00:00			`reader.remoteFamily = info.remoteFamily;`
			`reader.remoteAddress = info.remoteAddress;`
			`reader.remotePort = info.remotePort;`
update docs, refactor 2016-10-06 15:01:58 -06:00
			`// socket.local{Family,Address,Port}`
clarify myDuplex => reader, myDuplex2 => writer 2017-04-28 02:47:41 +00:00			`reader.localFamily = 'IPv4';`
			`reader.localAddress = '127.0.01';`
			`reader.localPort = info.port;`
update docs, refactor 2016-10-06 15:01:58 -06:00
clarify myDuplex => reader, myDuplex2 => writer 2017-04-28 02:47:41 +00:00			`httpsServer.emit('connection', reader);`
update docs, refactor 2016-10-06 15:01:58 -06:00
use callback if necessary 2016-10-11 13:57:21 -06:00			`if (cb) {`
fix streams typo 2016-10-11 15:43:09 -06:00			`process.nextTick(cb);`
use callback if necessary 2016-10-11 13:57:21 -06:00			`}`

clarify myDuplex => reader, myDuplex2 => writer 2017-04-28 02:47:41 +00:00			`return writer;`
update docs, refactor 2016-10-06 15:01:58 -06:00			`}`
			`});`
			```