AUTH-1070: added SSH/protocol forwarding

2026-06-09 20:50:34 +08:00 · 2018-09-21 10:18:23 -05:00
parent 41916365b6
commit fa92441415
10 changed files with 548 additions and 90 deletions
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -3,6 +3,7 @@ package tunnel
 import (
 	"fmt"
 	"io/ioutil"
+	"net"
 	"os"
 	"runtime/trace"
 	"sync"
@@ -19,6 +20,7 @@ import (
 	"github.com/cloudflare/cloudflared/metrics"
 	"github.com/cloudflare/cloudflared/origin"
 	"github.com/cloudflare/cloudflared/tunneldns"
+	"github.com/cloudflare/cloudflared/websocket"
 	"github.com/coreos/go-systemd/daemon"
 	"github.com/facebookgo/grace/gracenet"
 	"github.com/pkg/errors"
@@ -137,6 +139,21 @@ func Commands() []*cli.Command {
 			},
 			Hidden: true,
 		},
+		{
+			Name:        "ssh",
+			Action:      ssh,
+			Usage:       `ssh -o ProxyCommand="cloudflared tunnel ssh --hostname %h" ssh.warptunnels.org`,
+			ArgsUsage:   "[origin-url]",
+			Description: `The ssh subcommand wraps sends data over a WebSocket proxy to the Cloudflare edge.`,
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name: "hostname",
+				},
+				&cli.StringFlag{
+					Name: "url",
+				},
+			},
+		},
 	}

 	var subcommands []*cli.Command
@@ -308,6 +325,20 @@ func StartServer(c *cli.Context, version string, shutdownC, graceShutdownC chan
 		c.Set("url", "https://"+helloListener.Addr().String())
 	}

+	if c.IsSet("ws-proxy-server") {
+		listener, err := net.Listen("tcp", "127.0.0.1:")
+		if err != nil {
+			logger.WithError(err).Error("Cannot start Websocket Proxy Server")
+			return errors.Wrap(err, "Cannot start Websocket Proxy Server")
+		}
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			errC <- websocket.StartProxyServer(logger, listener, c.String("remote"), shutdownC)
+		}()
+		c.Set("url", "http://"+listener.Addr().String())
+	}
+
 	tunnelConfig, err := prepareTunnelConfig(c, buildInfo, version, logger, protoLogger)
 	if err != nil {
 		return err
@@ -447,6 +478,13 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			EnvVars: []string{"TUNNEL_URL"},
 			Hidden:  shouldHide,
 		}),
+		altsrc.NewStringFlag(&cli.StringFlag{
+			Name:    "remote",
+			Value:   "localhost:22",
+			Usage:   "Connect to the local server over tcp at `remote`.",
+			EnvVars: []string{"TUNNEL_REMOTE"},
+			Hidden:  shouldHide,
+		}),
 		altsrc.NewStringFlag(&cli.StringFlag{
 			Name:    "hostname",
 			Usage:   "Set a hostname on a Cloudflare zone to route traffic through this tunnel.",
@@ -549,6 +587,13 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
 			EnvVars: []string{"TUNNEL_HELLO_WORLD"},
 			Hidden:  shouldHide,
 		}),
+		altsrc.NewBoolFlag(&cli.BoolFlag{
+			Name:    "ws-proxy-server",
+			Value:   false,
+			Usage:   "Run WS proxy Server",
+			EnvVars: []string{"TUNNEL_WS_PROXY"},
+			Hidden:  shouldHide,
+		}),
 		altsrc.NewStringFlag(&cli.StringFlag{
 			Name:    "pidfile",
 			Usage:   "Write the application's PID to this file after first successful connection.",