bagas/tunnel-please
Public Access
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: bagas:2644b4521cc27f60d98f56e928e318251bae3b90
Branches Tags
bagas:main bagas:staging
bagas:v1.1.0-alpha.9 bagas:v1.1.0-alpha.8 bagas:v1.1.0-alpha.7 bagas:v1.1.0-alpha.6 bagas:v1.1.0-alpha.5 bagas:v1.1.0-alpha.4 bagas:v1.1.0-alpha.3 bagas:v1.1.0-alpha.2 bagas:v1.1.0-alpha.1 bagas:v1.0.6 bagas:v1.0.5 bagas:v1.0.4 bagas:v1.0.3 bagas:v1.0.1 bagas:v1.0.0
...
compare: bagas:f11a92fb3ba310e71c3889e325d447998756d1da
Branches Tags
bagas:staging bagas:main
bagas:v1.1.0-alpha.9 bagas:v1.1.0-alpha.8 bagas:v1.1.0-alpha.7 bagas:v1.1.0-alpha.6 bagas:v1.1.0-alpha.5 bagas:v1.1.0-alpha.4 bagas:v1.1.0-alpha.3 bagas:v1.1.0-alpha.2 bagas:v1.1.0-alpha.1 bagas:v1.0.6 bagas:v1.0.5 bagas:v1.0.4 bagas:v1.0.3 bagas:v1.0.1 bagas:v1.0.0

3 Commits
2644b4521c ... f11a92fb3b

Author SHA1 Message Date
bagas
f11a92fb3b ci: configure workflow to ignore non-Go file changes
All checks were successful
Docker Build and Push / build-and-push (push) Successful in 3m30s
Details
renovate / renovate (push) Successful in 22s
Details
2025-12-29 15:58:24 +07:00
bagas
ac283626d3 docs: add Docker deployment section 2025-12-29 15:57:31 +07:00
bagas
ad7c5985b1 feat: add docker compose deployment configurations 2025-12-29 15:57:16 +07:00
5 changed files with 228 additions and 1 deletions
Expand all files Collapse all files

8
.gitea/workflows/build.yml
View File

@@ -5,6 +5,14 @@ on:
branches: branches:
- main - main
- staging - staging
paths:
- '**.go'
- 'go.mod'
- 'go.sum'
- 'Dockerfile'
- 'Dockerfile.*'
- '.dockerignore'
- '.gitea/workflows/build.yml'
jobs: jobs:
build-and-push: build-and-push:

105
README.md
View File

@@ -6,7 +6,6 @@ A lightweight SSH-based tunnel server written in Go that enables secure TCP and
- SSH interactive session with real-time command handling - SSH interactive session with real-time command handling
- Custom subdomain management for HTTP tunnels - Custom subdomain management for HTTP tunnels
- Active connection control with drop functionality
- Dual protocol support: HTTP and TCP tunnels - Dual protocol support: HTTP and TCP tunnels
- Real-time connection monitoring - Real-time connection monitoring
## Requirements ## Requirements
@@ -116,6 +115,110 @@ go tool pprof http://localhost:6060/debug/pprof/profile?seconds=30
go tool pprof http://localhost:6060/debug/pprof/heap go tool pprof http://localhost:6060/debug/pprof/heap
``` ```
## Docker Deployment
Three Docker Compose configurations are available for different deployment scenarios. Each configuration uses the image `git.fossy.my.id/bagas/tunnel-please:latest`.
### Configuration Options
#### 1. Root with Host Networking (RECOMMENDED)
**File:** `docker-compose.root.yml`
**Advantages:**
- Full TCP port forwarding support (ports 40000-41000)
- Direct binding to privileged ports (80, 443, 2200)
- Best performance with no NAT overhead
- Maximum flexibility for all tunnel types
- No port mapping limitations
**Use Case:** Production deployments where you need unrestricted TCP forwarding and maximum performance.
**Deploy:**
```bash
docker-compose -f docker-compose.root.yml up -d
```
#### 2. Standard (HTTP/HTTPS Only)
**File:** `docker-compose.standard.yml`
**Advantages:**
- Runs with unprivileged user (more secure)
- Standard port mappings (2200, 80, 443)
- Simple and predictable networking
- TCP port forwarding disabled (`ALLOWED_PORTS=none`)
**Use Case:** Deployments where you only need HTTP/HTTPS tunneling without custom TCP port forwarding.
**Deploy:**
```bash
docker-compose -f docker-compose.standard.yml up -d
```
#### 3. Limited TCP Forwarding
**File:** `docker-compose.tcp.yml`
**Advantages:**
- Runs with unprivileged user (more secure)
- Standard port mappings (2200, 80, 443)
- Limited TCP forwarding (ports 30000-31000)
- Controlled port range exposure
**Use Case:** Deployments where you need both HTTP/HTTPS tunneling and limited TCP forwarding within a specific port range.
**Deploy:**
```bash
docker-compose -f docker-compose.tcp.yml up -d
```
### Quick Start
1. **Choose your configuration** based on your requirements
2. **Edit the environment variables** in the chosen compose file:
- `DOMAIN`: Your domain name (e.g., `example.com`)
- `ACME_EMAIL`: Your email for Let's Encrypt
- `CF_API_TOKEN`: Your Cloudflare API token (if using automatic TLS)
3. **Deploy:**
```bash
docker-compose -f docker-compose.root.yml up -d
```
4. **Check logs:**
```bash
docker-compose -f docker-compose.root.yml logs -f
```
5. **Stop the service:**
```bash
docker-compose -f docker-compose.root.yml down
```
### Volume Management
All configurations use a named volume `certs` for persistent storage:
- SSH keys: `/app/certs/ssh/`
- TLS certificates: `/app/certs/tls/`
To backup certificates:
```bash
docker run --rm -v tunnel_pls_certs:/data -v $(pwd):/backup alpine tar czf /backup/certs-backup.tar.gz -C /data .
```
To restore certificates:
```bash
docker run --rm -v tunnel_pls_certs:/data -v $(pwd):/backup alpine tar xzf /backup/certs-backup.tar.gz -C /data
```
### Recommendation
**Use `docker-compose.root.yml`** for production deployments if you need:
- Full TCP port forwarding capabilities
- Any port range configuration
- Direct port binding without mapping overhead
- Maximum performance and flexibility
This is the recommended configuration for most use cases as it provides the complete feature set without limitations.
## Contributing ## Contributing
Contributions are welcome! Contributions are welcome!

37
docker-compose.root.yml Normal file
View File

@@ -0,0 +1,37 @@
version: '3.8'
services:
tunnel-please:
image: git.fossy.my.id/bagas/tunnel-please:latest
container_name: tunnel-please-root
user: root
network_mode: host
restart: unless-stopped
volumes:
- certs:/app/certs
environment:
DOMAIN: example.com
PORT: 2200
HTTP_PORT: 8080
HTTPS_PORT: 8443
TLS_ENABLED: "true"
TLS_REDIRECT: "true"
ACME_EMAIL: admin@example.com
CF_API_TOKEN: your_cloudflare_api_token_here
ACME_STAGING: "false"
CORS_LIST: http://localhost:3000,https://example.com
ALLOWED_PORTS: 40000-41000
BUFFER_SIZE: 32768
PPROF_ENABLED: "false"
PPROF_PORT: 6060
healthcheck:
test: ["CMD", "/bin/sh", "-c", "netstat -tln | grep -q :2200"]
interval: 30s
timeout: 10s
retries: 3
start_period: 10s
volumes:
certs:
driver: local

39
docker-compose.standard.yml Normal file
View File

@@ -0,0 +1,39 @@
version: '3.8'
services:
tunnel-please:
image: git.fossy.my.id/bagas/tunnel-please:latest
container_name: tunnel-please-standard
restart: unless-stopped
ports:
- "2200:2200"
- "80:8080"
- "443:8443"
volumes:
- certs:/app/certs
environment:
DOMAIN: example.com
PORT: 2200
HTTP_PORT: 8080
HTTPS_PORT: 8443
TLS_ENABLED: "true"
TLS_REDIRECT: "true"
ACME_EMAIL: admin@example.com
CF_API_TOKEN: your_cloudflare_api_token_here
ACME_STAGING: "false"
CORS_LIST: http://localhost:3000,https://example.com
ALLOWED_PORTS: none
BUFFER_SIZE: 32768
PPROF_ENABLED: "false"
PPROF_PORT: 6060
healthcheck:
test: ["CMD", "/bin/sh", "-c", "netstat -tln | grep -q :2200"]
interval: 30s
timeout: 10s
retries: 3
start_period: 10s
volumes:
certs:
driver: local

40
docker-compose.tcp.yml Normal file
View File

@@ -0,0 +1,40 @@
version: '3.8'
services:
tunnel-please:
image: git.fossy.my.id/bagas/tunnel-please:latest
container_name: tunnel-please-tcp
restart: unless-stopped
ports:
- "2200:2200"
- "80:8080"
- "443:8443"
- "30000-31000:30000-31000"
volumes:
- certs:/app/certs
environment:
DOMAIN: example.com
PORT: 2200
HTTP_PORT: 8080
HTTPS_PORT: 8443
TLS_ENABLED: "true"
TLS_REDIRECT: "true"
ACME_EMAIL: admin@example.com
CF_API_TOKEN: your_cloudflare_api_token_here
ACME_STAGING: "false"
CORS_LIST: http://localhost:3000,https://example.com
ALLOWED_PORTS: 30000-31000
BUFFER_SIZE: 32768
PPROF_ENABLED: "false"
PPROF_PORT: 6060
healthcheck:
test: ["CMD", "/bin/sh", "-c", "netstat -tln | grep -q :2200"]
interval: 30s
timeout: 10s
retries: 3
start_period: 10s
volumes:
certs:
driver: local