[introduction]: inlets is an intranet penetration tool based on websocket tunnel, which can expose local services to the public network.
Inlets uses reverse proxy and websocket tunnel to expose internal or developing services to the public network through exit nodes. The exit node can be a VPS or any computer with public IPv4.
Similar tools include ngrok and Argo tunnel, but both of them are closed source, have their own limitations, are expensive, and have limited support for arm / arm64. Ngrok is often blocked by the company’s firewall policy and cannot be used. Other open source tunnel tools basically only consider the static configuration of a single tunnel. Inlets aims to dynamically discover local services, expose them to public IP or domain names through websocket tunnel, and automatically configure TLS certificates.
Inlets has completed the following functions:
Based on the definition of the client, the service entry is automatically created at the exit node
- Single port and single websocket hosting multiple sites through DNS / domain name
- Link encryption using SSL over WebSockets (WSS: / /)
- Automatic reconnection
Authority authentication through service account or HTTP basic auth
- Issue certificates using letsencrypt staging or production through http01 challenge
- Native cross platform support, including armhf and arm64 architectures
- Provide dockerfile and kubernetes yaml files
- Automatically discover and instantiate Service – inlets – operators of loadbalancer type in kubernetes cluster
- In addition to HTTP (s), it also supports the transmission of websocket traffic in the tunnel
For detailed installation and deployment steps, please refer to the official website. Xiaoqiu will briefly introduce the installation steps (also refer to the operation of the official website), eliminating the generation of tokens.
Install inlets service
Brew or curl installation is recommended on the official website:
#Install to current directory curl -sLS https://get.inlets.dev | sh #Install to / usr / local / bin/ curl -sLS https://get.inlets.dev | sudo sh #Installing with brew brew install inlets
Xiaoqiu can use it on windows. Download the inlets.exe file directly and execute it on the command line. The download address is:
Start tunnel server
This step needs to be operated on the machine with public IP to map the intranet services out of the network. (Xiaoqiu doesn’t have such a server, which can be installed directly on the local machine and can’t map the public network, but he can also complete the agent mapping process, and the process is the same.)
Download inlets.exe, put it in disk F, and execute the command to start:
/f/inlets/inlets.exe server --port=8090
As shown below:
Run HTTP service
Test with Python’s built-in HTTP service:
mkdir inlets-test cd /inlets-test touch hello-world python -m http.server 3000
As shown below:
Visit localhost: 3000
Start the inlets client
Start the inlets client on the same machine as the HTTP service, and execute the following command:
/f/inlets/inlets.exe client --remote=192.168.244.1:8090 --upstream=http://127.0.0.1:3000
- –The remote parameter must be set to the IP of the egress node
- –The upstream parameter is the IP and port of the intranet service to be exposed
As shown below:
Access exit node:
The above can be said to be the most basic and commonly used functions of inlets. Inlets also has more advanced functions. You can try the children’s shoes you are interested in:
- Support docker installation and deployment
- Single exit node multi service
- Set the fixed port for the control plane
Open source outpostShare popular, interesting and practical open source projects on a daily basis. Participate in maintaining the open source technology resource library of 100000 + star, including python, Java, C / C + +, go, JS, CSS, node.js, PHP,. Net, etc.