A peer-to-peer TCP proxy built with iroh.
I made this project to remote-control my raspberry pi. It runs a few web-servers that I want to visit while not on the local network. Iroh makes it possible to do that by dialing a public key, from some other devices. Currently, there are three client implementations, a cli, a desktop app, and an android app. The client connects with quic, then opens a TCP-socket on localhost.
In practice, this means that if you're running some web-server with the proxy attached, and a client with the other side of the proxy, visiting localhost is like visiting localhost on the server device.
The project consists of a daemon running on the server-device, and a few different clients that can communicate with that daemon. The daemon itself is a basic TCP-proxy with some optional access controls. That daemon is (through configuration) pointed to a local port, and then proxies incoming traffic to and from that port.
The daemon can be run on the cli, or with a service manager like systemd, an example systemd unit can be found here.
The simplest possible configuration looks like this:
# Node id: 7003b83df94765d4862185187508055e11be90d761663061e4f368d076b7a9b8
secret_key_hex = "11701920da9f96a52625963997db5bc54e27ea86b00094646e2e860c4a8fa796"
default_route = "default"
[[server_ports]]
port = 8080
name = "default"
allow_any_peer = trueA secret key can be generated with p2proxy-cli generate-key --dest <out-file>,
or a skeleton configuration with p2proxyd generate-template-configuration --dest <out-file>.
Then running ./p2proxyd run --cfg-path <path> will start the proxy, pointing at local port 8080,
connectable using the public key/node id:
7003b83df94765d4862185187508055e11be90d761663061e4f368d076b7a9b8. It allows anyone to connect. Meaning,
anyone who knows about the node id 7003b83df94765d4862185187508055e11be90d761663061e4f368d076b7a9b8 can
connect to the local server from the internet.
A client (using the CLI) could connect to that port using:
p2proxy-cli run --key-hex 761f433bc4e34277f3be1fb27e0198981d9a830d81c4aa468aa169413645123f \
--peer 7003b83df94765d4862185187508055e11be90d761663061e4f368d076b7a9b8 --local-port 3000And then open the browser at http://localhost:3000 to view what's served at port 8080 on the server device.
For more usage/configuration of the daemon, see its readme
An android app p2proxy can be found here,
it can be used to connect to a remote p2proxyd service.
See its readme for more details here.
To build, you need a rust toolchain, you can get one through rustup for example.
You need libglib2.0-dev and libgtk-3-dev to build the desktop app (on linux). The proxy and cli does not need these
extra dependencies (as far as I'm aware).
cargo b -r -p p2proxyd, binary ends up in target/release/p2proxyd
cargo b -r -p p2proxy-cli, binary ends up in target/release/p2proxy-cli
cargo b -r -p p2proxy-desktop, binary ends up in target/release/p2proxy-desktop
Can be built using flutter:
To build release, you need to set up signing-configs, see the flutter docs
cd p2proxy_fl && flutter build appbundle --debugFor targets that are easy to build for and test with a VM (generic linux, debian, and windows) signed
binaries/packages
are supplied under releases.
p2proxyd and p2proxy-cli can (and are) compiled statically for Linux in both cases. p2proxy-desktop has a
dependency on libgtk and libglib, so that's compiled on debian bullseye for compatibility. It should work
on any reasonably up-to-date linux install.
I'm assuming that windows users won't run p2proxyd, but there's no technical reason that that can't be built
or run on windows either.
If you're lucky f97b4c8a80c2aa84380f44e69f193b41360c0bb6ff81861f9ed154f186e9f137 may be serving something
interesting.
This project is licensed under GPLv3.
Android feature-graphic generated with https://hotpot.ai/design/google-play-feature-graphic