Chisel is an HTTP client and server which acts as a TCP proxy. Chisel useful in situations where you only have access to HTTP, for example – a corporate firewall. Chisel is similar to crowbar though achieves much higher performance. Warning This is beta software.
Server
$ go get -v github.com/jpillora/chisel/chiseld
Forwarder
$ go get -v github.com/jpillora/chisel/chisel-forward
- Simple
- Reasonably performant
- Client Auto-reconnects with backoff
- Server fallback proxy
A Heroku app is running chiseld on the public HTTP port. This app
is also running a file server on 3000 (which is normally inaccessible
due to Heroku's firewall). However, if we tunnel in with:
$ chisel-forward --auth foobar https://chisel-demo.herokuapp.com/ 3000
Then open http://localhost:3000/, we should see a directory listing of this app's root.
Both command-line programs have useful help text, see chiseld --help and chisel-forward --help.
Eventually, a programmatic API will be documented and available, if you're keen see the main.go files in each sub-package.
Currently, secure communications are attained by hosting your HTTP server behind a TLS proxy. Thereby upgrading your server to HTTPS. In the future, the server will allow your to pass in TLS credentials and make use of Go's TLS (HTTPS) server.
With crowbar, a connection is tunnelled by repeatedly querying the server with updates. This results in a large amount of HTTP and TCP connection overhead. Chisel overcomes this using WebSockets combined with Yamux to create SDPY/HTTP2 like logical connections, therefore, each client will only need 1 TCP connection.
In this test, we have:
curl -> http tunnel client -> http tunnel server -> file server
Tab 1 (local file server)
$ npm i -g serve
$ serve -p 4000
Tab 2 (tunnel server)
$ echo -ne "foo:bar" > userfile
$ crowbard -listen="0.0.0.0:8080" -userfile=./userfile
Tab 3 (tunnel client)
$ crowbar-forward -local=0.0.0.0:3000 -server http://localhost:8080 -remote localhost:4000 -username foo -password bar
Tab 4 (transfer test)
$ time curl -s "127.0.0.1:3000/largefile.bin" > /dev/null
74.74 real 2.37 user 6.74 sys
Here, we see largefile.bin (~200MB) is transferred in 1m14s (along with high CPU utilisation).
Enter chisel, lets swap in chiseld and chisel-forward
Tab 2 (tunnel server)
$ chiseld --auth foo
Tab 3 (tunnel client)
$ chisel-forward --auth foo http://localhost:8080 3000:4000
2015/02/27 16:13:43 Connected to http://localhost:8080
2015/02/27 16:13:43 Proxy 0.0.0.0:3000 => 0.0.0.0:4000 enabled
And now we'll run the test again
$ time curl -s "127.0.0.1:3000/largefile.bin" > /dev/null
0.60 real 0.05 user 0.14 sys
Here, the same file was transferred in 0.6s
- http://golang.org/doc/code.html
- http://golang.org/doc/effective_go.html
github.com/jpillora/chiselcontains the shared packagegithub.com/jpillora/chisel/chiseldcontains the server packagegithub.com/jpillora/chisel/chisel-forwardcontains the client package
- Add tests (Bonus: Add benchmarks)
- User file with list of whitelisted remotes
- TLS server configuration
- Encrypt data with
authas the secret (Poor man's TLS) - Expose a stats page for proxy throughput
- Configurable connection retry times
Copyright © 2014 Jaime Pillora <[email protected]>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.