bubblev
/
bubble-flexrouter
4
0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Bubble proxy service
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
68 Commits
1 Branch
972 KiB
Tag: f991cf5bf9
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de f991cf5bf9
${ noResults }
bubble-flexrouter/README.md

README.md 5.2 KiB
Original Visão normal Histórico

WIP. add windows build instructions, try whoami instead of users (not supported on windows)
4 anos atrás
add unregister API, print version on startup, add README
4 anos atrás
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. bubble-flexrouter

  2. =================

  3. 

  4. bubble-flexrouter provides HTTP/HTTPS proxy services for Bubble.

  5. 

  6. Some websites and apps refuse to respond to requests originating from a cloud IP address.

  7. Thus, when a user is connected to their Bubble, some sites and apps will not work.

  8. 

  9. With flex routing, Bubble can route these requests through a device connected to the Bubble that is running bubble-flexrouter.

  10. Now, from the perspective of the website or app, these requests will originate from a "clean" IP, and so a valid response

  11. will be sent.

  12. 

  13. Note that using flex routing does remove some privacy protection - sites and apps that are flex-routed will see

  14. one of your device's real IP addresses.

  15. 

  16. 

  17. # Installation

  18. There are a few steps to installation:

  19.  * Generate the flex-router password

  20.  * Create an SSH key pair

  21.  * Create an empty auth token file

  22.  * Install system service

  23. 

  24. ## Generate the bubble-flexrouter password

  25. During installation, choose a password for the service. It should be random and at least 30 characters long.

  26. 

  27. Store this password in securely someplace where the app can read it. Ideally this is *not* on the filesystem,

  28. but in some internal app storage mechanism, since it will be stored in plaintext.

  29. 

  30. Bcrypt the password (use 12 rounds) and store the bcrypted value in a file. This file should only be readable by

  31. the bubble-flexrouter system service.

  32. 

  33. ## Create an SSH key pair

  34. During installation, generate an RSA key pair:

  35. 

  36.     ssh-keygen -t rsa -f /some/secure/location

  37. 

  38. In the above, `/some/secure/location` should be a path that is only readable by the bubble-flexrouter system service.

  39. 

  40. When this step is done, `/some/secure/location` should be the path to the SSH private key and

  41. `/some/secure/location.pub` should be the path to the SSH public key.

  42. 

  43. ## Create an empty auth token file

  44. bubble-flexrouter uses an auth token to secure its connection to a Bubble. This token is written to a file during

  45. registration (described below).

  46. 

  47. During installation, create an empty file that is only readable/writeable by the bubble-flexrouter service.

  48. 

  49. 

  50. ## Install system service

  51. Install bubble-flexrouter as a system service (Windows Service or Mac OS launch daemon) during Bubble app installation.

  52. 

  53. It should always be running. Set it to run at system startup.

  54. 

  55. The service requires some environment variables to be set:

  56. 

  57.  * `BUBBLE_FR_SSH_KEY` - full path to the *private* SSH key

  58.  * `BUBBLE_FR_PASS` - full path to the bcrypted password file

  59.  * `BUBBLE_FR_TOKEN` - full path to the auth token file

  60. 

  61. Run the service with these environment variables set.

  62. 

  63. ## Uncommon configuration

  64. By default bubble-flexrouter will listen on 127.0.0.1 on ports 9823 and 9833.

  65. 

  66. If these ports are unavailable, you can change them with command line arguments to bubble-flexrouter.

  67. 

  68. Run `bubble-flexrouter --help` to see the full list of command line options. Usually you will not need to set any arguments.

  69. 

  70. 

  71. # Registering

  72. When a user successfully logs in to a Bubble node, the API response will include a session token. Use this token

  73. and the bubble-flexrouter password to register the flexrouter with the Bubble.

  74. 

  75. To register the flexrouter with the Bubble, send a registration request to the admin port, listening on 127.0.0.1:9833

  76. 

  77. This request must include the request header `Content-Type: application/json`

  78. 

  79.     POST http://127.0.0.1:9833/register

  80.     {

  81.       "password": "<password>",

  82.       "session":"<session-token>",

  83.       "bubble":"<bubble-hostname>",

  84.       "ip":"<client-vpn-ip>"

  85.     }

  86. 

  87. Where:

  88. 

  89.   * `<password>` is the bubble-flexrouter password that was generated during installation

  90.   * `<session-token>` is the session token returned when the used logged in (usually from the `auth/login` API call)

  91.   * `<bubble-hostname>` is the hostname of the Bubble that the app has connected to

  92.   * `<client-vpn-ip>` is the VPN IP address that was assigned to the device (usually starts with `10.`)

  93. 

  94. A successful registration request will return HTTP status 200. Any other response indicates a failure, and the response

  95. body will contain a plaintext string with an error message.

  96. 

  97. An example using curl:

  98. 

  99.     curl -v -H 'Content-Type: application/json' \

  100.          -d '{"password":"Uy6dDwNP5msid3P6QEpeVmQMuUiAda","session":"47cc4974-2eca-47d8-8c74-c2cc106b9ba8","bubble":"nexus-dr66b-wn85d-ux27e.bubv.net","ip":"10.19.49.12"}' \

  101.          http://127.0.0.1:9833/register

  102. 

  103. 

  104. # Unregistering

  105. When a user logs out of a Bubble node, unregister the flexrouter by sending a request to the admin port.

  106. 

  107. This request must include the request header `Content-Type: application/json`

  108. 

  109.     POST http://127.0.0.1:9833/unregister

  110.     {

  111.       "password": "<password>"

  112.     }

  113. 

  114. Where:

  115. 

  116.   * `<password>` is the bubble-flexrouter password that was generated during installation

  117. 

  118. A successful unregister request will return HTTP status 200. Any other response indicates a failure, and the response

  119. body will contain a plaintext string with an error message.

  120. 

  121. An example using curl:

  122. 

  123.     curl -v -H 'Content-Type: application/json' \

  124.          -d '{"password":"Uy6dDwNP5msid3P6QEpeVmQMuUiAda"}' \

  125.          http://127.0.0.1:9833/unregister

  126. 

  127. 

  128. # Uninstallation

  129. If the Bubble app is uninstalled from the system, then also:

  130. 

  131.   * Stop and remove the system service

  132.   * Remove the bcrypted password file

  133.   * Remove both files of the SSH key pair

  134.   * Remove the auth token file