Skip to content

Latest commit

 

History

History
45 lines (36 loc) · 1.91 KB

README.md

File metadata and controls

45 lines (36 loc) · 1.91 KB

dit4c-helper-listener-ngrok1

DIT4C routing connector based on the open source ngrok server.

There are three types of transport:

  • TCP - random port on the server
  • HTTP - vhost over HTTP
  • HTTPS - vhost over HTTPS

Extra steps for HTTPS

The HTTPS transport is the best choice for use with DIT4C, as it is the only transport that provides encryption for public-side connections. As documented, you will need a wildcard certificate to use ngrokd in this mode.

Additionally, to use this listener with HTTPS, you will need to put a reverse-proxy in front of ngrokd to add the X-Forwarded-Proto header. While ngrok 2 adds this automatically, the open-source ngrok 1 server has only a limited understanding of HTTP (enough to direct requests by vhost) and so is incapable of doing this itself. The DIT4C auth helper needs this header so it can generate URLs with the correct protocol scheme.

One way to do this is with nghttpx, which has the added benefit of providing HTTP/2.

                                       dit4c-helper-listener-ngrok1

                                                    +
                                           TLS/4443 |
                                                    v

                     +-----------+             +----------+
                     |           |             |          |
Browser  +---------> |  nghttpx  | +---------> |  ngrokd  |
          HTTPS/443  |           |  HTTPS/443  |          |
                     +-----------+             +----------+

ngrokd does not expect a reverse-proxy, and must be run on port 443. It is possible to do this by having ngrokd only listen on the loopback interface, however an easier deployment method is probably to use container network namespacing.