This TCP relay/reverse proxy can be used to expose any TCP/IP service running behind a NAT. This includes services that use HTTP and SSH.
To install from npm
sudo npm install -g node-tcp-relay
The relay server is meant to be executed on a server visible on the internet, as follows
tcprelays --relayPort 10080 --servicePort 10081 [--hostname [IP]] [--secret key] [--tls [both]] [--pfx file] [--passphrase passphrase]
relayPort
is the port where the relay server will listen for incoming connections from the relay client. servicePort
is the port where internet clients can connect to the service exposed through the relay. Optionally, hostname
specifies the IP address to listen at. Node.js listens on unspecified IPv6 address ::
by default.
secret
specifies a shared secret key used to authorize relay client. tls
option enables secure communication with relay client using TLS. If followed by both
, TLS is also enabled on the service port. pfx
option specifies a private key file used to establish TLS. passphrase
specifies password used to protect private key.
The relay client is meant to be executed on a machine behind a NAT, as follows
tcprelayc --host host --port 10080 --relayHost host --relayPort port [--numConn count] [--secret key] [--tls [both]] [--rejectUnauthorized]
host
is any server visible to the machine behind the NAT. port
is the port of the service you want to expose through the relay.
relayServer
is the host name or IP address of the server visible on the internet executing the relay server. relayPort
is the relay server port where the client will connect.
numConn
is the number of unused connections relay client maintains with the server. As soon as it detects data activity on a socket, it establishes another connection. Servicing internet clients that don't transfer any data may lead to denial of service.
secret
specifies a shared secret key relay client sends to server for the purpose of authorization. tls
enables secure TLS communication with relay server. If followed by both
, TLS is also used with server behind the NAT. rejectUnauthorized
enables checking for valid server certificate.
If you're relaying HTTP(S), use a reverse proxy such as http-proxy, between the relay client and the local service e.g.
var httpProxy = require('http-proxy');
httpProxy.createProxyServer({target:'http://host:port'}).listen(port);
Create and start a relay server thus
var relayServer = require("node-tcp-relay");
var newRelayServer = relayServer.createRelayServer(10080, 10081);
End relay server
newRelayServer.end();
Create and start a relay client thus
var relayClient = require("node-tcp-relay")
var newRelayClient = relayClient.createRelayClient("hostname", 8080, "relayserver", 10080, 1);
End relay client
newRelayClient.end();
- ssh -R
- VPN