bagas/tunnel-please
Public Access
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
103 Commits 2 Branches 15 Tags
a4f92f8805f89996ae7d7088def1f9691c960906
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

Tunnel Please

A lightweight SSH-based tunnel server written in Go that enables secure TCP and HTTP forwarding with an interactive terminal interface for managing connections and custom subdomains.

Features

  • SSH interactive session with real-time command handling
  • Custom subdomain management for HTTP tunnels
  • Active connection control with drop functionality
  • Dual protocol support: HTTP and TCP tunnels
  • Real-time connection monitoring

Requirements

  • Go 1.18 or higher
  • Valid domain name for subdomain routing

Environment Variables

The following environment variables can be configured in the .env file:

Variable Description Default Required
DOMAIN Domain name for subdomain routing localhost No
PORT SSH server port 2200 No
TLS_ENABLED Enable TLS/HTTPS false No
TLS_REDIRECT Redirect HTTP to HTTPS false No
CERT_LOC Path to TLS certificate certs/cert.pem No
KEY_LOC Path to TLS private key certs/privkey.pem No
CERT_STORAGE_PATH Path for CertMagic certificate storage certs/certmagic No
ACME_EMAIL Email for Let's Encrypt registration admin@<DOMAIN> No
CF_API_TOKEN Cloudflare API token for DNS-01 challenge - Yes (if auto-cert)
ACME_STAGING Use Let's Encrypt staging server false No
SSH_PRIVATE_KEY Path to SSH private key (auto-generated if missing) certs/id_rsa No
CORS_LIST Comma-separated list of allowed CORS origins - No
ALLOWED_PORTS Port range for TCP tunnels (e.g., 40000-41000) 40000-41000 No
BUFFER_SIZE Buffer size for io.Copy operations in bytes (4096-1048576) 32768 No
PPROF_ENABLED Enable pprof profiling server false No
PPROF_PORT Port for pprof server 6060 No

Note: All environment variables now use UPPERCASE naming. The application includes sensible defaults for all variables, so you can run it without a .env file for basic functionality.

Automatic TLS Certificate Management

The server supports automatic TLS certificate generation and renewal using CertMagic with Cloudflare DNS-01 challenge. This is required for wildcard certificate support (*.yourdomain.com).

How it works:

  1. If user-provided certificates (CERT_LOC, KEY_LOC) exist and cover both DOMAIN and *.DOMAIN, they will be used
  2. If certificates are missing, expired, expiring within 30 days, or don't cover the required domains, CertMagic will automatically obtain new certificates from Let's Encrypt
  3. Certificates are automatically renewed before expiration
  4. User-provided certificates support hot-reload (changes detected every 30 seconds)

Cloudflare API Token Setup:

To use automatic certificate generation, you need a Cloudflare API token with the following permissions:

  1. Go to Cloudflare Dashboard
  2. Click "Create Token"
  3. Use "Create Custom Token" with these permissions:
    • Zone → Zone → Read (for all zones or specific zone)
    • Zone → DNS → Edit (for all zones or specific zone)
  4. Copy the token and set it as CF_API_TOKEN environment variable

Example configuration for automatic certificates:

DOMAIN=example.com
TLS_ENABLED=true
CF_API_TOKEN=your_cloudflare_api_token_here
ACME_EMAIL=admin@example.com
# ACME_STAGING=true  # Uncomment for testing to avoid rate limits

SSH Key Auto-Generation

If the SSH private key specified in SSH_PRIVATE_KEY doesn't exist, the application will automatically generate a new 4096-bit RSA key pair at the specified location. This makes it easier to get started without manually creating SSH keys.

Memory Optimization

The application uses a buffer pool with controlled buffer sizes to prevent excessive memory usage under high concurrent loads. The BUFFER_SIZE environment variable controls the size of buffers used for io.Copy operations:

  • Default: 32768 bytes (32 KB) - Good balance for most scenarios
  • Minimum: 4096 bytes (4 KB) - Lower memory usage, more CPU overhead
  • Maximum: 1048576 bytes (1 MB) - Higher throughput, more memory usage

Recommended settings based on load:

  • Low traffic (<100 concurrent): BUFFER_SIZE=32768 (default)
  • High traffic (>100 concurrent): BUFFER_SIZE=16384 or BUFFER_SIZE=8192
  • Very high traffic (>1000 concurrent): BUFFER_SIZE=8192 or BUFFER_SIZE=4096

The buffer pool reuses buffers across connections, preventing memory fragmentation and reducing garbage collection pressure.

Profiling with pprof

To enable profiling for performance analysis:

  1. Set PPROF_ENABLED=true in your .env file
  2. Optionally set PPROF_PORT to your desired port (default: 6060)
  3. Access profiling data at http://localhost:6060/debug/pprof/

Common pprof endpoints:

  • /debug/pprof/ - Index page with available profiles
  • /debug/pprof/heap - Memory allocation profile
  • /debug/pprof/goroutine - Stack traces of all current goroutines
  • /debug/pprof/profile - CPU profile (30-second sample by default)
  • /debug/pprof/trace - Execution trace

Example usage with go tool pprof:

# Analyze CPU profile
go tool pprof http://localhost:6060/debug/pprof/profile?seconds=30

# Analyze memory heap
go tool pprof http://localhost:6060/debug/pprof/heap

Contributing

Contributions are welcome!

If you'd like to contribute to this project, please follow the workflow below:

  1. Fork the repository
  2. Create a new branch for your changes
  3. Commit and push your updates
  4. Open a Pull Request targeting the staging branch
  5. Clearly describe your changes and the reasoning behind them

License

This project is licensed under the Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) license.

Author

Bagas (fossyy)

Reference in New Issue View Git Blame Copy Permalink
Description
A lightweight SSH-based tunnel server written in Go
https://tunnl.live
Readme 22 MiB
Languages
Go 98.4%
Dockerfile 1.6%