uProxy Servers
A uProxy server provides proxying services for the uProxy client. Think of it as headless uProxy; a uProxy access point; a robot friend. It's an alternative to uProxy's original peer-to-peer concept.
The server is provided as a set of Docker images and may be deployed manually, via shell scripts, on any Linux-based Docker system or on DigitalOcean via uProxy itself.
From https://blog.uproxy.org/2016/02/get-access-24x7-through-your-own-uproxy.html:
curl https://raw.githubusercontent.com/uProxy/uproxy-docker/master/install-cloud.sh | sh
A uProxy server consists of two Docker containers:
Zork is a headless uProxy client. It accepts commands, via telnet, on port 9000. It was originally developed as a testing tool; on cloud, Zork is configured to refuse connections from outside of localhost and sshd must be used to establish a secure tunnel to Zork (uProxy uses an SSH library to do just this).
The zork container is stateless and can be swapped/upgraded/etc. without disturbing access.
Installation-specific metadata exists on the sshd container:
- /banner
- /hostname
- /issue_invite.sh
- /login.sh
- /home/getter/.ssh/authorized_keys
The uProxy client uses the cloud social provider to access cloud servers. It accepts cloud invitation URLs which encode the following information:
- hostname
- username
- SSH private key
Given an invitation URL, the client:
- connects, via SSH, to port 5000 on hostname
- executes cat /banner, the result of which is used as the server description in the contacts list
- requests a tunnel be established to port 9000 on zork (there's an /etc/hosts entry for this, created by docker run)
- sends and receives WebRTC signalling messages, with a little wrapping, through the secure tunnel to Zork
In effect, the client runs this command:
TODO: ssh tunnel command
Note: Because the setup scripts run iptables to restrict access to port 9000 and because this command only exists on Linux systems, a secure cloud server can currently only be run on Linux.
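The client steps listed above, expressed as OpenSSH commands: this is an added example, not uProxy's own code (the client uses an SSH library, and the page leaves the exact command as a TODO). The function names, the `-o` options, the loopback-only bind and the sample host, user and key path are assumptions; the fields are validated because an invitation URL is untrusted input.

```shell
#!/bin/sh
# Added example: OpenSSH equivalents of the invitation steps above.
# Function names and sample values are hypothetical, not uProxy code.

# Invitation fields are untrusted. Reject empty values, anything starting
# with "-" (ssh would parse it as an option) and any character outside a
# plain host or user name (so IPv6 literals are not handled here).
valid_field() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Local listening port: 1 to 5 digits, in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Local path where the invitation's private key was saved (mode 0600).
valid_keyfile() {
    case "$1" in ''|-*) return 1 ;; esac
}

# Step 2: read the server description.
banner_cmd() {  # usage: banner_cmd HOST USER KEYFILE
    valid_field "$1" && valid_field "$2" && valid_keyfile "$3" || return 1
    printf 'ssh -p 5000 -i %s -o IdentitiesOnly=yes %s@%s cat /banner\n' \
        "$3" "$2" "$1"
}

# Step 3: forward a loopback-only local port to port 9000 on "zork".
# "zork" is resolved on the server, via the sshd container's /etc/hosts.
tunnel_cmd() {  # usage: tunnel_cmd HOST USER KEYFILE [LOCAL_PORT]
    lport=${4:-9000}
    valid_field "$1" && valid_field "$2" && valid_keyfile "$3" \
        && valid_port "$lport" || return 1
    opts='-o IdentitiesOnly=yes -o ExitOnForwardFailure=yes'
    printf 'ssh -N -p 5000 -i %s %s -L 127.0.0.1:%s:zork:9000 %s@%s\n' \
        "$3" "$opts" "$lport" "$2" "$1"
}

# Constructed sample values (203.0.113.10 is a documentation address).
banner_cmd 203.0.113.10 getter ./invite_key
tunnel_cmd 203.0.113.10 getter ./invite_key
```

Binding the forward to 127.0.0.1 keeps the Zork control port off the client machine's network interfaces, matching the server-side restriction on port 9000.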
Install progress stuck at 50? The script is waiting for activity on the zork container's port 9000 (https://github.com/uProxy/uproxy-docker/blob/master/testing/run-scripts/run_cloud.sh#L146). SSH into your server and examine the output of this command:
docker logs uproxy-zork
Which ports need to be open (AWS): TCP port 5000, UDP ports 1025-65535
TODO: which exact port range does WebRTC use?
- Manual authorized_keys backup: docker cp uproxy-sshd:/home/getter/.ssh/authorized_keys .
- Manual authorized_keys restore: docker cp authorized_keys uproxy-sshd:/home/getter/.ssh/
- Connection success rate: docker cp uproxy-zork:/var/log/zork.log /tmp/ && ./zork-stats.sh /tmp/zork.log
- Change a cloud server's description: docker exec uproxy-sshd sh -c "echo 'xxx' > /banner"
- Change a cloud server's notion of its own public IP: docker exec uproxy-sshd sh -c "echo xxx.xxx.xxx.xxx > /hostname"