Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP CONNECT Tunneling #1003

Merged
merged 1 commit into from
May 25, 2017
Merged

HTTP CONNECT Tunneling #1003

merged 1 commit into from
May 25, 2017

Conversation

russjones
Copy link
Contributor

Purpose

As covered in #860, at the moment Teleport does not support HTTP CONNECT tunneling. This PR adds support for HTTP CONNECT tunneling for Trusted Clusters.

Implementation

  • A new package proxy has been added under utils.
  • The proxy package exposes a single function DialerFromEnvironment. DialerFromEnvironment checks if https_proxy or http_proxy are set, if either are it dials to the proxy and then establishes a SSH connection, or directly establishes a SSH connection.
  • This is used when establishing a reverse tunnel. Instead of calling ssh.Dial directly we extract a dial from the environment and then establish the reverse tunnel.

Related Issues

Fixes #860

@russjones russjones requested a review from klizhentas May 18, 2017 22:30
@russjones russjones force-pushed the rjones/http-proxy branch from f83f100 to 008b849 Compare May 18, 2017 22:30
@russjones russjones requested a review from kontsevoy May 18, 2017 22:30
klizhentas
klizhentas reviewed May 18, 2017
View reviewed changes
Copy link
Contributor

@klizhentas klizhentas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have a couple of comments, but generally looks OK

docs/2.0/admin-guide.md Outdated
audited and access control rules applied. For these scenarios Teleport supports
HTTP CONNECT tunneling.

To use HTTP CONNECT tunneling, simply set either the `https_proxy` or
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are those standard names for env variables? generally linux env vars are using HTTPS_PROXY upper case notations, what are others are using?

Copy link
Contributor Author

@russjones russjones May 18, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I was confused by that as well, it looks like Go assumes either all caps or all lower case. From the docs:

ProxyFromEnvironment returns the URL of the proxy to use for a given
request, as indicated by the environment variables HTTP_PROXY, HTTPS_PROXY
and NO_PROXY (or the lowercase versions thereof). HTTPS_PROXY takes
precedence over HTTP_PROXY for https requests.

In code: https://github.com/golang/go/blob/master/src/net/http/transport.go#L550-L560

I'll adjust this.

lib/utils/proxy/proxy.go Outdated
// build a proxy connection first
pconn, err := dialProxy(d.proxyHost, addr)
if err != nil {
return nil, err
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

trace.Wrap

lib/utils/proxy/proxy.go Outdated
Host: addr,
Header: make(http.Header),
}
connectReq.Write(conn)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check for error here?

lib/utils/proxy/proxy.go Outdated
var d net.Dialer
conn, err := d.DialContext(ctx, "tcp", proxyAddr)
if err != nil {
return nil, trace.Wrap(err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

trace.ConvertSystemError instead

@russjones russjones force-pushed the rjones/http-proxy branch 11 times, most recently from f74bfd3 to dbacf17 Compare May 24, 2017 18:47
@russjones russjones force-pushed the rjones/http-proxy branch from dbacf17 to 2117306 Compare May 25, 2017 17:28
@russjones russjones merged commit bedd6db into master May 25, 2017
@russjones russjones deleted the rjones/http-proxy branch May 25, 2017 17:41
hatched pushed a commit to hatched/teleport-merge that referenced this pull request Nov 30, 2022
SharedDirectoryReadRequest (gravitational#1003)
f7e9f0a
hatched pushed a commit that referenced this pull request Dec 20, 2022
SharedDirectoryReadRequest (#1003)
9aca246
hatched pushed a commit that referenced this pull request Feb 1, 2023
[v10] Backports for directory sharing (#1138)
f37d18f 
* `SharedDirectoryInfoResponse` (#996)

* `SharedDirectoryListRequest` (#999)

* `SharedDirectoryListResponse` (#1000)

* `SharedDirectoryReadRequest` (#1003)

* `SharedDirectoryReadResponse` (#1005)

* `SharedDirectoryWriteRequest` (#1007)

* `SharedDirectoryWriteResponse` (#1008)

* Tidy up `sharedDirectoryManager` (#1010)

* `SharedDirectoryMoveRequest` (#1045)

* `SharedDirectoryMoveResponse` (#1074)

* `SharedDirectoryCreateRequest` and `SharedDirectoryCreateResponse` (#1090)

* SharedDirectoryDeleteRequest and SharedDirectoryDeleteResponse (#1096)

* Add warning dialog for unsupported browsers for directory sharing (#1110)

* updates yarn.lock
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klizhentas klizhentas klizhentas left review comments

@kontsevoy kontsevoy Awaiting requested review from kontsevoy

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@russjones @klizhentas