|
1 | 1 | # Zia |
2 | 2 |
|
3 | | -Proxy UDP over WebSocket - useful to use WireGuard in restricted networks. |
4 | | - |
5 | | -Basic example: |
6 | | - |
7 | | -```mermaid |
8 | | -graph LR |
9 | | - WC[Wireguard Client] ---|UDP| B[Zia Client] |
10 | | - B ---|Websocket| C[Zia Server] |
11 | | - C ---|UDP| D[Wireguard Server] |
12 | | -``` |
13 | | - |
14 | | -The benefit is that WebSocket uses HTTP. If you are on a restricted network where you can only access external services using a provided HTTP proxy, you can proxy your WireGuard UDP traffic over WebSocket through that proxy. |
15 | | - |
16 | | -```mermaid |
17 | | -graph LR |
18 | | - WC[Wireguard Client] ---|UDP| B[Zia Client] |
19 | | - B ---|Websocket| C[Http Proxy] |
20 | | - C ---|Websocket| D[Zia Server] |
21 | | - D ---|UDP| E[Wireguard Server] |
22 | | -``` |
23 | | - |
24 | | -## Mode |
25 | | - |
26 | | -| Name | Description | |
27 | | -|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |
28 | | -| WebSocket | The UDP datagrams are wrapped inside WebSocket frames. These frames are then transmitted to the server, where they are unwrapped. | |
29 | | -| TCP | The UDP datagrams are prefixed with a 16 bit length of the datagram and then transmitted to the server in TCP packages. At the server, these packages are unwrapped and forwarded to the actual UDP upstream. | |
30 | | - |
31 | | -The client is capable of doing a TLSv2 or TLSv3 handshake, the server isn't able to handle TLS requests. In a case where an end-to-end (zia-client <-> zia-server) TLS encryption should happen, you have to proxy the traffic for the server using a reverse proxy. |
32 | | - |
33 | | -## Client |
34 | | - |
35 | | -Just download the appropriate binary from the latest release, or use the Docker image: |
36 | | - |
37 | | -``` |
38 | | -ghcr.io/marcelcoding/zia-client |
39 | | -``` |
40 | | - |
41 | | -Environment variables: |
42 | | - |
43 | | -```bash |
44 | | -ZIA_LISTEN_ADDR=127.0.0.1:8080 # local udp listener |
45 | | -ZIA_UPSTREAM=ws://domain.tld:1234 # your zia server instance (ws(s) or tcp(s)) |
46 | | -# ZIA_PROXY=http://user:[email protected]:8080 # optional http(s) proxy |
47 | | -# ZIA_COUNT=4 # count of websocket connecttions that should be used, useful if traffic is limited per proxy connection |
48 | | -# ZIA_WS_MASKING=1 # enable to conform with websocket spec, disabled by default to process data in zero-copy fashion |
49 | | -``` |
50 | | - |
51 | | -If you are using the binary use `--help` to the all available options. |
52 | | - |
53 | | -## Server |
54 | | - |
55 | | -Just download the appropriate binary from the latest release, or use the Docker image: |
56 | | - |
57 | | -``` |
58 | | -ghcr.io/marcelcoding/zia-server |
59 | | -``` |
60 | | - |
61 | | -Environment variables: |
62 | | - |
63 | | -```bash |
64 | | -ZIA_LISTEN_ADDR=0.0.0.0:1234 # public websocket listener (client -> ZIA_UPSTREAM) |
65 | | -ZIA_UPSTREAM=domain.tld:9999 # your actual udp service e.g. wireguard listener |
66 | | -ZIA_MODE=WS # WS or TCP see client -> ZIA_UPSTREAM |
67 | | -``` |
68 | | - |
69 | | -If you are using the binary use `--help` to the all available options. |
| 3 | +This repo moved to [Codeberg](https://codeberg.org/m4rc3l/zia). |
0 commit comments