The Hyper TLS-Passthrough Proxy
The Hyper server provides a TLS-passthrough proxy service that
can forward incoming TLS connections from public clients to an
internal server without terminating the TLS connection. The service
consists of two servers:
- A public proxy that listens on a publicly
  available TCP port for incoming TLS connections, and on another TCP
  port for connections from private proxy servers.
- A private proxy that does not listen on any
  TCP port and instead actively connects to the public proxy server
  when a connection is available for it. It forwards that connection
  (again without terminating TLS) to an internal server that then
  handles it.
Both the private and the public proxies have accompanying Hyper
servers through which they communicate with each other.
The private proxy can announce incoming
connections to the public proxy. Whenever a new connection reaches
the public proxy, it compares the connection to the announcements it
has received. If a match is found, it notifies the private proxy of
the incoming connection via the Hyper network and sends it a random
token. The private proxy then opens a connection to the public proxy,
sends the token and takes over the TCP stream, which it forwards to an
internal server.
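The token handoff described above, sketched as an added example that is not code from the Hyper repository: `Broker`, `Park` and `Claim` are hypothetical names, and the single-use and expiry rules are assumptions about how such a table of waiting connections is best kept, not documented Hyper behaviour.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"net"
	"sync"
	"time"
)

// Broker is a hypothetical stand-in for the public proxy's parked-connection table.
type Broker struct {
	ttl     time.Duration // how long a client may wait for the private proxy
	waiting sync.Map      // token (string) -> parked client net.Conn
}

// Park holds a matched client connection and returns the random token to send over Hyper.
func (b *Broker) Park(c net.Conn) (string, error) {
	raw := make([]byte, 32) // 256 bits from the OS CSPRNG, not guessable
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := fmt.Sprintf("%x", raw)
	b.waiting.Store(token, c)
	time.AfterFunc(b.ttl, func() { // unclaimed in time: drop token and client
		if v, ok := b.waiting.LoadAndDelete(token); ok {
			v.(net.Conn).Close()
		}
	})
	return token, nil
}

// Claim hands the parked stream to whoever presents its token, at most once.
func (b *Broker) Claim(token string) (net.Conn, bool) {
	v, ok := b.waiting.LoadAndDelete(token) // atomic, so a replay finds nothing
	if !ok {
		return nil, false // unknown, replayed and expired tokens look the same
	}
	return v.(net.Conn), true
}

func main() {
	b := &Broker{ttl: 5 * time.Second}
	client, _ := net.Pipe() // constructed in-memory stand-in for a client socket
	token, _ := b.Park(client)
	_, first := b.Claim(token)
	_, replay := b.Claim(token)
	fmt.Println("first claim accepted:", first, "| replay accepted:", replay)
}
```

After a successful claim, a proxy built this way would copy bytes in both directions between the claimed client stream and the private proxy's connection, still without terminating TLS.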
Demo
To demonstrate this mechanism we have prepared an example
configuration. Simply run the following snippets in different
terminals (from the main directory in the repository):
# prepare the binaries
make && make examples
# first terminal
internal-server # will open a JSON-RPC server on port 8888
# second terminal (public proxy)
PROXY_SETTINGS=settings/dev/roles/public-proxy-1 proxy run public
# third terminal (private proxy)
PROXY_SETTINGS=settings/dev/roles/private-proxy-1 proxy run private
# fourth terminal (public proxy Hyper server)
HYPER_SETTINGS=settings/dev/roles/public-proxy-hyper-1 hyper server run
# fifth terminal (private proxy Hyper server)
HYPER_SETTINGS=settings/dev/roles/private-proxy-hyper-1 hyper server run
When all services are up and running you should be able to send
a request to the proxy via
This should return the following JSON data:
The request you've sent reached the local TLS server on port
8888 via the two proxies, which communicated through the Hyper
network to broker the connection. Neat, isn't it?
Stress Testing
You can also stress-test the server with parallel requests using
the parallel util:
This will try to send 25 requests in parallel to the server.