What is ssltunnel?
This is a lightweight TCP over SSL/TLS tunnel running over node. If you need to add confidentiality (privacy), integrity, and authenticity to your TCP stream, this is the tool for you.
Installation
Please follow these steps to get it up and running:
- Download and install the latest node (don't worry, it is small)
- Enter CMD and run:
npm install ssltunnel
- The ssltunnel package now resides under
./node_modules/ssltunnel
Creating certificates
ssltunnel uses client and server certificates to create a proper TLS connection. While the server certificate is enough to assure confidentiality and integrity, the client certificate is required to assure authenticity.
Test certificates are provided in the testcerts folder. You can start playing with ssltunnel using them.
Please do not use test certificates for production.
You can easily create your own certificates using openssl. Each certificate is represented by a key pair. The steps are the same for both client and server certificates. An example of certificate generation follows.
$ openssl genrsa -out private.pem 2048
$ openssl req -new -x509 -key private.pem -out public.pem -days 3650
PLEASE KEEP YOUR PRIVATE KEYS SECURE
Running the ssltunnel
Imagine you have a client-server application. The server is running on my_host:8080. You can route the traffic through an SSL tunnel by creating both ssltunnel's server and client:
d:\src\ssltunnel\bin>ssltunnel.cmd -r server ^
--proxy_port 54443 ^
--server_port 8080 ^
--server_host my_host ^
--srv_pub_cert ..\testcerts\sc_public.pem ^
--clt_pub_cert ..\testcerts\cc_public.pem ^
--srv_prv_cert ..\testcerts\sc_private.pem
Running 'server' role. Listening on 54443, decrypting and forwarding to real server machine on my_host:8080
d:\src\ssltunnel\bin>ssltunnel.cmd -r client ^
--proxy_port 54080 ^
--server_port 54443 ^
--server_host my_ssltunnel_server_host ^
--srv_pub_cert ..\testcerts\sc_public.pem ^
--clt_pub_cert ..\testcerts\cc_public.pem ^
--clt_prv_cert ..\testcerts\cc_private.pem
Running 'client' role. Listening on 54080, encrypting and forwarding to ssltunnel's server on my_ssltunnel_server_host:54443
Now, just point your client to the machine where ssltunnel's client is running (localhost?), port 54080, and ssltunnel will take care of forwarding the data to the server securely.
This is the list of all arguments ssltunnel supports:
d:\src\ssltunnel\bin>ssltunnel
Usage node d:\src\ssltunnel\bin\run_ssltunnel.js
Options:
-r, --role The role of the tunnel component, either 'client' or 'server' [required]
--proxy_port The proxy listener's port [required]
--server_host The server's hostname. Either ssltunnel's server role or back-end server [default: "localhost"]
--server_port The server's port. Either ssltunnel's server role or back-end server [required]
--log_level SSLTunnel logging level. One of: 'error', 'warn', 'info', or 'log' [default: "log"]
--keep_alive Use TCP keep-alive when connecting to an sslserver.
Provide keep-alive delay in ms. Use negative value for
turning keep-alive off. Relevant for client role only. [default: "30000"]
--srv_pub_cert Public certificate file for ssltunnel's server [required]
--srv_prv_cert Private certificate file for ssltunnel's server
--clt_pub_cert Public certificate for ssltunnel's client [required]
--clt_prv_cert Private certificate for ssltunnel's client
Missing required arguments: r, proxy_port, server_port, srv_pub_cert, clt_pub_cert
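The following is an added example, not ssltunnel's own source: a sketch of how the two roles and their certificate arguments could map onto Node's tls module so that each side trusts only the peer's certificate. The function names tlsOptions, join, startServer and startClient are hypothetical; the argument names are the ones from the usage text above.

```javascript
// Added example, not ssltunnel's source: mutual TLS with pinned certificates.
const fs = require('fs');
const net = require('net');
const tls = require('tls');

// Build Node tls options from ssltunnel-style arguments. Each side presents
// its own key pair and trusts only the peer's self-signed certificate.
function tlsOptions(args) {
  const isServer = args.role === 'server';
  if (!isServer && args.role !== 'client') throw new Error('role must be client or server');
  const keyFile = isServer ? args.srv_prv_cert : args.clt_prv_cert;
  if (!keyFile) throw new Error(`${args.role} role needs its own private key`);
  return {
    key: fs.readFileSync(keyFile),
    cert: fs.readFileSync(isServer ? args.srv_pub_cert : args.clt_pub_cert),
    // The peer's certificate is the only trust anchor (no system CA store).
    ca: [fs.readFileSync(isServer ? args.clt_pub_cert : args.srv_pub_cert)],
    requestCert: isServer,     // the server asks the client for a certificate
    rejectUnauthorized: true,  // handshake fails unless the peer's cert verifies
  };
}

// Pipe two sockets into each other and tear both down on error or close.
function join(a, b) {
  a.pipe(b).pipe(a);
  const close = () => { a.destroy(); b.destroy(); };
  for (const s of [a, b]) s.on('error', close).on('close', close);
}

// Server role: terminate TLS on proxy_port, forward plaintext to the back end.
function startServer(args) {
  return tls.createServer(tlsOptions(args), (secure) =>
    join(secure, net.connect(args.server_port, args.server_host))
  ).listen(args.proxy_port);
}

// Client role: accept plaintext on proxy_port, forward over TLS to the server role.
// Node also checks server_host against the names in the server certificate.
function startClient(args) {
  const opts = { host: args.server_host, port: args.server_port, ...tlsOptions(args) };
  return net.createServer((plain) => join(plain, tls.connect(opts)))
    .listen(args.proxy_port);
}
```

Without requestCert and rejectUnauthorized on the server side the stream is still encrypted, but any client can connect, which is the authenticity gap the client certificate closes.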
from https://github.com/anodejs/node-ssltunnel
-----
My supplementary notes:
On my local Mac machine. First install the Node.js environment. Then,
npm install ssltunnel
(This creates a node_modules directory under the current directory.)
cd node_modules/ssltunnel/
ls
Output:
LICENSE bin docs package.json
README.md certs lib testcerts
cd bin
node run_ssltunnel.js -h