Peer To Peer (P2P) Proxy

The proxy also supports a peer-to-peer (P2P) mode, which enables two Hyper servers to establish a secure connection through the proxy.

Connection Brokering

The brokering process for a P2P connection is as follows:

  • Hyper server A wants to connect to Hyper server B.
  • A recognizes through the directory entry of B that it can only be reached through proxy P.
  • A sends a connectionRequest message to P over the Hyper system, specifying B's gRPC server channel as the recipient.
  • P creates a token and send a message to B over the Hyper system, forwarding A's request and specifying a proxy endpoint to connect to.
  • B receives the message and forwards it to the appropriate channel, which handles it and connects to P's endpoint, sending the token as the routing key.
  • P receives the connection from B and stores it.
  • P returns a confirmation to A containing the token and same endpoint.
  • A connects to P's endpoint and also sends the token.
  • P accepts A's connection, retrieves B's matching connection and proxies traffic between them.

Testing

To set up a test infrastructure, simply run (in different shells):

# run the service directory
SD_SETTINGS=settings/dev/roles/sd-1 sd run
# run the public proxy
PROXY_SETTINGS=settings/dev/roles/public-proxy-1 proxy run public

# run all Hyper servers
HYPER_SETTINGS=settings/dev/roles/hd-1 hyper server run
HYPER_SETTINGS=settings/dev/roles/hd-2 hyper server run
HYPER_SETTINGS=settings/dev/roles/public-proxy-hyper-1 hyper server run

Make sure you run make sd-setup to update the service directory with the necessary entries. Then you should be able to request a ping from the HD-2 server through the proxy via the HD-1 JSON-RPC server:

curl --cert settings/dev/certs/hd-1.crt --key settings/dev/certs/hd-1.key --cacert settings/dev/certs/root.crt --resolve hd-1:5555:127.0.0.1 https://hd-1:5555/jsonrpc --header "Content-Type: application/json" --data '{"method": "hd-2._ping", "id": "1", "params": {}, "jsonrpc": "2.0"}' | jq .