
Reverst: a reverse tunneling tool based on QUIC and HTTP/3

Author: FreeBuf

About Reverst:

Reverst is a reverse tunneling tool consisting of a load-balanced reverse tunnel server and a server-client library; it is written in Go and built on QUIC and HTTP/3.


About QUIC and HTTP/3

QUIC stands for Quick UDP Internet Connections. QUIC is a reliable UDP-based transport protocol that Google began researching in 2013; its earliest prototype was SPDY + QUIC-Crypto + Reliable UDP, and SPDY later evolved into HTTP/2.0, which the IETF formally published in May 2015. Following the release of HTTP/2.0 and TLS 1.3, its core protocol family gradually evolved into today's combination of HTTP/3.0 + TLS 1.3 + QUIC-Transport.

HTTP/3, in turn, runs over UDP to gain speed while keeping QUIC's stability (choosing QUIC means choosing UDP) and without giving up TLS security. The transport layer of HTTP/3 is not TCP but UDP plus QUIC.

Tool features

The current version of Reverst has the following features:

1. Go-native: developed in pure Go, using the quic-go library;

2. Compatibility: the client package (Go) is implemented as an abstraction over the net/http standard library;

3. Load balancing: multiple service instances can be run in the same tunnel;

4. High performance: based on QUIC and HTTP/3 to realize its functions;

Usage scenarios

Reverst is primarily used to expose services running in a restricted network, for example behind a NAT gateway, to the Internet. The tunnel server is deployed on the Internet; a client server then establishes a connection to the tunnel and registers itself in the target tunnel group. A tunnel group is a set of load-balanced client servers that is exposed to the public network through the reverse tunnel's HTTP interface.

The following diagram illustrates the tunnel lifecycle:

[Figure: Reverst tunnel lifecycle diagram]

Tool installation

Client

Client installation command:

go get go.flipt.io/reverst/client

Build from source:

go install ./client/...

Server

Build from source:

go install ./cmd/...

Testing

Reverst uses Dagger to configure and run an integration test suite:

dagger call test --source=.

The test suite starts a tunnel, registers a server-client in it, and requests the service through the tunnel's HTTP interface.

Running the tool

The following are example parameters for running the tunnel server:

1. QUIC tunnel listening on 127.0.0.1:7171;

2. HTTP service listening on 127.0.0.1:8181;

3. Logging set to the debug level.

The command is as follows:

go run ./cmd/reverst/... -l debug \
    -n flipt.dev.local \
    -g examples/simple/group.yml \
    -k examples/simple/server.key \
    -c examples/simple/server.crt

The following command can be used to run the sample server:

go run ./examples/simple/main.go --username user --password pass

The following command can send a request to the service:

curl -H 'Host: flipt.dev.local' 127.0.0.1:8181/fo
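The -k and -c flags above expect a PEM private key and certificate for the server name given with -n, and the tunnel is only as trustworthy as that certificate. The following program, an added example that is not part of the Reverst project, generates such a pair for a local test setup and then runs the checks a tunnel server would fail at start-up if the files were wrong: the key matches the certificate, the certificate is currently valid, and its SAN list covers the server name. The file names server.key and server.crt and the 365-day validity are assumptions chosen to match the examples/simple layout; for anything beyond local testing, use a certificate issued by a CA your clients already trust rather than a self-signed one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"time"
)

// selfSignedPEM generates an ECDSA P-256 key and a self-signed certificate
// whose SAN list contains serverName, and returns both PEM-encoded.
// serverName must be the value later passed to reverst with -n, because that
// is the name the tunnel is identified by over TLS.
func selfSignedPEM(serverName string, validFor time.Duration) (keyPEM, certPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Random 128-bit serial number, as X.509 practice recommends.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: serverName},
		DNSNames:              []string{serverName}, // clients match the SAN, not the CN
		NotBefore:             now.Add(-time.Minute), // tolerate small clock skew
		NotAfter:              now.Add(validFor),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return keyPEM, certPEM, nil
}

// checkKeyPair verifies that keyPEM belongs to certPEM, that the certificate
// is inside its validity period, and that it is valid for serverName.
func checkKeyPair(certPEM, keyPEM []byte, serverName string) error {
	if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
		return fmt.Errorf("key/certificate mismatch: %w", err)
	}
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return errors.New("no CERTIFICATE block in PEM data")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	if now := time.Now(); now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("certificate is outside its validity period")
	}
	return cert.VerifyHostname(serverName)
}

func main() {
	keyPEM, certPEM, err := selfSignedPEM("flipt.dev.local", 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	if err := checkKeyPair(certPEM, keyPEM, "flipt.dev.local"); err != nil {
		panic(err)
	}
	// The private key is readable by its owner only; the certificate is public.
	if err := os.WriteFile("server.key", keyPEM, 0o600); err != nil {
		panic(err)
	}
	if err := os.WriteFile("server.crt", certPEM, 0o644); err != nil {
		panic(err)
	}
	fmt.Println("wrote server.key and server.crt for flipt.dev.local")
}
```

Pass the two files as -k server.key -c server.crt together with -n flipt.dev.local; checkKeyPair rejects a certificate whose SAN list does not match the -n value, which is the same mismatch a tunnel client would see as a TLS handshake failure.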

Tool usage and configuration

Command-line options and environment variables

reverst -h

COMMAND
  reverst

USAGE
  reverst [FLAGS]

FLAGS
  -l, --log LEVEL                  debug, info, warn or error (default: INFO)
  -a, --tunnel-address STRING      address for accepting tunnelling QUIC connections (default: 127.0.0.1:7171)
  -s, --http-address STRING        address for serving HTTP requests (default: 0.0.0.0:8181)
  -n, --server-name STRING         server name used to identify the tunnel via TLS (required)
  -k, --private-key-path STRING    path to TLS private key PEM file (required)
  -c, --certificate-path STRING    path to TLS certificate PEM file (required)
  -g, --tunnel-groups STRING       k8s configmap identifier or path to file (default: groups.yml)
  -w, --watch-groups               watch tunnel group sources for updates
      --management-address STRING  HTTP address for the management API
      --max-idle-timeout DURATION  maximum time a connection can be idle (default: 1ms)
      --keep-alive-period DURATION period between keep-alive events (default: 30s)

Tunnel group configuration

reverst -g path/to/configuration.yml
# alternatively:
reverst -g file:///path/to/configuration.yml

Or:

reverst -g k8s://configmap/default/tunnelconfig/groups.yml

Configuring multiple authentication policies

groups:
  "group-name":
    hosts:
    - "some.host.address.dev" # Host for routing inbound HTTP requests to tunnel group
    authentication:
      basic:
        username: "user"
        password: "pass"
      bearer:
        token: "some-token"
      external:
        scheme: "JWT"
        endpoint: "http://some-external-endpoint/auth/ext"

License

This project is developed and released under an open source license.

Project address

Reverst: https://github.com/flipt-io/reverst/

Resources

https://github.com/quic-go/quic-go
