-
Notifications
You must be signed in to change notification settings - Fork 46
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update README.md with info about docker image.
- Loading branch information
1 parent
e3c3756
commit b4b4ece
Showing
1 changed file
with
40 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,43 @@ | ||
| #WebSockets Proxy | ||
|
|
||
| A virtual ethernet switch built using Tornado in Python | ||
| A websocket ethernet switch built using Tornado in Python | ||
|
|
||
| Implements crude rate limiting on WebSocket connections to prevent abuse. | ||
|
|
||
| Could use some cleanup! | ||
|
|
||
| ## How it works | ||
| It's quite simple. The program starts off by creating a TAP device and listening | ||
| for websocket connections on port 80. When clients connect, ethernet frames | ||
| received via the websocket are switched between connected clients and the TAP | ||
| device. All communication is done via raw ethernet frames.o | ||
|
|
||
| To use this in support of a virtual network you must set up the host system as | ||
| a DHCP server and router. | ||
|
|
||
| SSL support is not included. To enable SSL, please use a reverse proxy with SSL | ||
| and websockets support, such as nginx. | ||
|
|
||
|
|
||
| ## Getting Started | ||
| The easiest way to get up and running is via its public docker image. This | ||
| image will set up a fully contained router enviornment using IPTables for | ||
| basic NAT functionality and dnsmasq for DHCP support. | ||
|
|
||
| To set up the relay via docker simply run | ||
|
|
||
| ``` | ||
| docker run --privileged -p 8080:80 --name relay benjamincburns/jor1k-relay:latest | ||
| ``` | ||
|
|
||
| and point jor1k, your VPN client, or your emulator of choice at | ||
| ws://YOUR_HOSTNAME:8080/ | ||
|
|
||
| Note that the container must be run in priviliged mode so that it can create | ||
| its TAP device and set up IPv4 masquerading. | ||
|
|
||
| For better security be sure to set up an Nginx reverse proxy with SSL support | ||
| along with a more isolated docker bridge and some host-side firewall rules | ||
| which prevent clients of your relay from attempting to connect to your host | ||
| machine. | ||
|
|
||
| Accepts ethernet frames via a WebSocket, or an ethernet TAP device. | ||
| Rate limits WebSocket connections to prevent abuse. Could use some cleaning! |