Merge pull request #13 from mmatczuk/mmt/readme_update

mmatczuk · web-flow · commit d08a366800a6 · 2017-02-20T17:00:20.000+01:00
Readme update
diff --git a/README.md b/README.md
@@ -1,11 +1,127 @@
 # Tunnel [![GoDoc](http://img.shields.io/badge/go-documentation-blue.svg?style=flat-square)](http://godoc.org/github.com/mmatczuk/go-http-tunnel) [![Go Report Card](https://goreportcard.com/badge/github.com/mmatczuk/go-http-tunnel)](https://goreportcard.com/report/github.com/mmatczuk/go-http-tunnel) [![Build Status](http://img.shields.io/travis/mmatczuk/go-http-tunnel.svg?style=flat-square)](https://travis-ci.org/mmatczuk/go-http-tunnel)
 
-Tunnel is fast and secure server/client package that enables proxying public connections to your local machine over a tunnel connection from the local machine to the public server. In other words you can share your localhost even if it doesn't have a public IP or if it's not reachable from outside.
+Tunnel is fast and secure client/server package that enables proxying public connections to your local machine over a tunnel connection from the local machine to the public server. **It enables you to share your localhost when you dont't have a public IP or you are hidden by a firewall**.
 
-It uses HTTP/2 protocol for data transport and connection multiplexing.
+It can help you:
 
-With tunnel you can proxy:
+* Demo without deploying
+* Simplify mobile device testing
+* Build webhook integrations with ease
+* Run personal cloud services from your own private network
 
-* HTTP
-* TCP
-* UNIX sockets
+It is based on HTTP/2 for speed and security. Server accepts TLS connection from known clients, client is recognised by it's TLS certificate id. Server can protect HTTP tunnels with [basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication).
+
+## Installation
+
+Download latest release from [here](https://github.com/mmatczuk/go-http-tunnel/releases/latest).  The release contains two executables:
+
+* `tunneld` - the tunnel server, to be run on publicly available host like AWS or GCE
+* `tunnel` - the tunnel client, to be run on your local machine or in your private network
+
+To get help on the command parameters run `tunneld -h` or `tunnel -h`.
+
+## Configuration
+
+The tunnel client `tunnel` requires configuration file, by default it will try reading `tunnel.yml` in your current working directory. If you want to specify other file use `-config` flag.
+
+Sample configuration that exposes:
+
+* `localhost:8080` as `webui.my-tunnel-host.com` 
+* host in private network for ssh connections
+
+looks like this
+
+```yaml
+    server_addr: SERVER_IP:4443
+    insecure_skip_verify: true
+    tunnels:
+      webui:
+        proto: http
+        addr: localhost:8080
+        auth: user:password
+        host: webui.my-tunnel-host.com
+      ssh:
+        proto: tcp
+        addr: 192.168.0.5:22
+        remote_addr: 0.0.0.0:22
+```
+
+Configuration options:
+
+* `server_addr`: server TCP address, i.e. `54.12.12.45:4443`
+* `insecure_skip_verify`: controls whether a client verifies the server's certificate chain and host name, if using self signed certificates must be set to `true`, *default:* `false`
+* `tls_crt`: path to client TLS certificate, *default:* `client.crt` *in the config file directory*
+* `tls_key`: path to client TLS certificate key, *default:* `client.key` *in the config file directory*
+*  `tunnels / [name]` 
+    * `proto`: tunnel protocol, `http` or `tcp`
+    * `addr`: forward traffic to this local port number or network address, for `proto=http` this can be full URL i.e. `https://machine/sub/path/?plus=params`, supports URL schemes `http` and `https`
+    * `auth`: (`proto=http`) (optional) basic authentication credentials to enforce on tunneled requests, format `user:password`
+    * `host`: (`proto=http`) hostname to request (requires reserved name and DNS CNAME)
+    * `remote_addr`: (`proto=tcp`) bind the remote TCP address
+* `backoff`
+    * `interval`: how long client would wait before redialing the server if connection was lost, exponential backoff initial interval, *default:* `500ms`
+    * `multiplier`: interval multiplier if reconnect failed, *default:* `1.5`
+    * `max_interval`: maximal time client would wait before redialing the server, *default:* `1m`
+    * `max_time`: maximal time client would try to reconnect to the server if connection was lost, set `0` to never stop trying, *default:* `15m`
+
+## Running
+
+Tunnel requires TLS certificates for both client and server.
+
+```bash
+$ openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout client.key -out client.crt
+$ openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout server.key -out server.crt
+```
+
+Run client:
+
+* Install `tunnel` binary
+* Make `.tunnel` directory in your project directory
+* Copy `client.key`, `client.crt` to `.tunnel` 
+* Create configuration file `tunnel.yml` in `.tunnel`
+* Start all tunnels
+
+```bash
+$ tunnel -config ./tunnel/tunnel.yml start-all
+```
+
+Run server:
+
+* Install `tunneld` binary
+* Make `.tunneld` directory
+* Copy `server.key`, `server.crt` to `.tunneld`
+* Get client identifier (`tunnel -config ./tunnel/tunnel.yml id`), identifier should look like this `YMBKT3V-ESUTZ2Z-7MRILIJ-T35FHGO-D2DHO7D-FXMGSSR-V4LBSZX-BNDONQ4`
+* Start tunnel server 
+
+```bash
+$ tunneld -tlsCrt .tunneld/server.crt -tlsKey .tunneld/server.key -clients YMBKT3V-ESUTZ2Z-7MRILIJ-T35FHGO-D2DHO7D-FXMGSSR-V4LBSZX-BNDONQ4
+``` 
+
+This will run HTTP server on port `80` and HTTPS (HTTP/2) server on port `443`. If you want to use HTTPS it's recommended to get a properly signed certificate to avoid security warnings. 
+
+## Using as library
+
+Install the package:
+
+```bash
+$ go get -u github.com/mmatczuk/go-http-tunnel
+```
+
+The `tunnel` package is designed to be simple, extensible, with little dependencies. It is based on HTTP/2 for client server connectivity, this avoids usage of third party tools for multiplexing tunneled connections. HTTP/2 is faster, more stable and much more tested then any other multiplexing technology. You may see [benchmark](benchmark) comparing the `tunnel` package to a koding tunnel.
+
+The `tunnel` package:
+
+* custom dialer and listener for `Client` and `Server`
+* easy modifications of HTTP proxy (based on [ReverseProxy](https://golang.org/pkg/net/http/httputil/#ReverseProxy))
+* proxy anything, [ProxyFunc](https://godoc.org/github.com/mmatczuk/go-http-tunnel#ProxyFunc) architecture
+* structured logs with go-kit compatible minimal logger interface
+
+See:
+
+* [ClientConfig](https://godoc.org/github.com/mmatczuk/go-http-tunnel#ClientConfig)
+* [ServerConfig](https://godoc.org/github.com/mmatczuk/go-http-tunnel#ServerConfig)
+* [ControlMessage](https://godoc.org/github.com/mmatczuk/go-http-tunnel/proto#ControlMessage)
+
+## License
+
+The BSD 3-Clause License
diff --git a/TODO.md b/TODO.md
@@ -1,7 +1,3 @@
-Release 1.0
-
-1. docs: new README
-
 Backlog
 
 1. monitoring: client connection state machine
@@ -13,21 +9,3 @@ Backlog
 1. proxy: host_header modifier
 1. security: certificate signature checks
 1. cli: integrated certificate generation
-
-Notes for README
-
-1. HTTP/2
-1. Server http.RoundTriper
-1. Extensible Proxy architecture
-1. Configurable HTTP proxy httputil.ReverseProxy
-1. Custom listener and dialer
-1. Connection back off
-1. Dynamic tunnel management
-1. Structured logs, go kit logger compatible
-
-Log levels:
-
-* 0 - Critical, error something went really wrong
-* 1 - Info, something important happened
-* 2 - Debug
-* 3 - Trace, reserved for data transfer logs
diff --git a/cmd/tunnel/options.go b/cmd/tunnel/options.go
@@ -26,15 +26,15 @@ config.yaml:
 	server_addr: SERVER_IP:4443
 	insecure_skip_verify: true
 	tunnels:
-	  www:
+	  webui:
 	    proto: http
-	    addr: http://IP:8080/ui/
+	    addr: localhost:8080
 	    auth: user:password
-	    host: ui.mytunnel.com
+	    host: webui.my-tunnel-host.com
 	  ssh:
 	    proto: tcp
-	    addr: IP:22
-	    remote_addr: 0.0.0.0:2222
+	    addr: 192.168.0.5:22
+	    remote_addr: 0.0.0.0:22
 
 Author:
 	Written by M. Matczuk (mmatczuk@gmail.com)
@@ -63,7 +63,7 @@ type options struct {
 
 func parseArgs() (*options, error) {
 	debug := flag.Bool("debug", false, "Starts gops agent")
-	config := flag.String("config", "tunnel.yaml", "Path to tunnel configuration file")
+	config := flag.String("config", "tunnel.yml", "Path to tunnel configuration file")
 	logTo := flag.String("log", "stdout", "Write log messages to this file, file name or 'stdout', 'stderr', 'none'")
 	logLevel := flag.Int("log-level", 1, "Level of messages to log, 0-3")
 	version := flag.Bool("version", false, "Prints tunnel version")
diff --git a/doc.go b/doc.go
@@ -1,4 +1,4 @@
-// Package tunnel is fast and secure server/client package that enables proxying
+// Package tunnel is fast and secure client/server package that enables proxying
 // public connections to your local machine over a tunnel connection from the
 // local machine to the public server.
 package tunnel
