Awesome
node-tcp-relay
This TCP relay/reverse proxy can be used to expose any TCP/IP service running behind a NAT. This includes services that use HTTP and SSH.
To install from <a href="https://www.npmjs.com/package/node-tcp-relay">npm</a>
sudo npm install -g node-tcp-relay
Command Line Interface
The relay server is meant to be executed on a server visible on the internet, as follows
tcprelays --relayPort 10080 --servicePort 10081 [--hostname [IP]] [--tls [both]] [--pfx file] [--passphrase passphrase] [--auth] [--caFile file]
relayPort
is the port where the relay server will listen for incoming connections from the relay client. servicePort
is the port where internet clients can connect to the service exposed through the relay. Optionally, hostname
specifies the IP address to listen at. Node.js listens on unspecified IPv6 address ::
by default.
tls
option enables secure communication with relay client using TLS. If followed by both
, TLS is also enabled on the service port. pfx
option specifies a private key file used to establish TLS. passphrase
specifies password used to protect private key. Relay server authenticates relay client by requesting its certificate when auth
option is specified. Use caFile
option to specify CA certificates used to validate client certificate.
The relay client is meant to be executed on a machine behind a NAT, as follows
tcprelayc --host host --port 10080 --relayHost host --relayPort port [--numConn count] [--tls [both]] [--rejectUnauthorized] [--caFile file] [--pfx file] [--passphrase value]
host
is any server visible to the machine behind the NAT. port
is the port of the service you want to expose through the relay.
relayServer
is the host name or IP address of the server visible on the internet executing the relay server. relayPort
is the relay server port where the client will connect.
numConn
is the number of unused connections relay client maintains with the server. As soon as it detects data activity on a socket, it establishes another connection. Servicing internet clients that don't transfer any data may lead to denial of service.
tls
enables secure TLS communication with relay server. If followed by both
, TLS is also used with server behind the NAT. rejectUnauthorized
enables checking for valid server certificate. Custom CA file can be specified using the caFile
option. Use pfx
option to specify certificate used to authenticate relay client at relay server.
If you're relaying HTTP(S), use a reverse proxy such as http-proxy, between the relay client and the local service e.g.
var httpProxy = require('http-proxy');
httpProxy.createProxyServer({target:'http://host:port'}).listen(port);
Programming Interface
Create and start a relay server thus
var relayServer = require("node-tcp-relay");
var newRelayServer = relayServer.createRelayServer(10080, 10081);
End relay server
newRelayServer.end();
Create and start a relay client thus
var relayClient = require("node-tcp-relay")
var newRelayClient = relayClient.createRelayClient("hostname", 8080, "relayserver", 10080, 1);
End relay client
newRelayClient.end();
Alternatives
- ssh -R
- VPN