Tunnel Nodes

I nodi Tunnel permettono di esporre servizi locali su internet in modo sicuro, creare tunnel persistenti e gestire connessioni remote.

Quick Tunnel

Espone rapidamente un servizio locale su internet tramite un URL pubblico temporaneo (simile a ngrok/localtunnel).

Configurazione

Use cases

Workflow Esempio: Demo Temporanea

type: quickTunnel
localPort: 3000
localHost: "localhost"
subdomain: "demo-cliente-xyz"
protocol: https
label: "Demo App Frontend"

Output

{
  "tunnelId": "tun_abc123",
  "publicUrl": "https://demo-cliente-xyz.loca.lt",
  "localTarget": "localhost:3000",
  "protocol": "https",
  "status": "active",
  "createdAt": "2024-01-15T10:30:00Z",
  "expiresAt": "2024-01-15T12:30:00Z"
}

Tunnel Client

Client FRP per tunnel persistenti verso un server FRP self-hosted. Ideale per accesso remoto permanente.

Configurazione

Configurazione tunnel

Workflow Esempio: Accesso Remoto Server

type: tunnelClient
serverAddr: "frp.example.com"
serverPort: 7000
token: "{{secrets.FRP_TOKEN}}"
tunnels:
  - name: "ssh"
    type: tcp
    localPort: 22
    remotePort: 6000
  - name: "web"
    type: http
    localPort: 80
    subdomain: "myserver"
  - name: "api"
    type: https
    localPort: 3000
    customDomains:
      - "api.myserver.example.com"
label: "Home Server Tunnels"

Output

{
  "serverAddr": "frp.example.com:7000",
  "status": "connected",
  "tunnels": [
    {
      "name": "ssh",
      "type": "tcp",
      "localTarget": "localhost:22",
      "publicEndpoint": "frp.example.com:6000",
      "status": "active"
    },
    {
      "name": "web",
      "type": "http",
      "localTarget": "localhost:80",
      "publicEndpoint": "https://myserver.frp.example.com",
      "status": "active"
    },
    {
      "name": "api",
      "type": "https",
      "localTarget": "localhost:3000",
      "publicEndpoint": "https://api.myserver.example.com",
      "status": "active"
    }
  ],
  "connectedAt": "2024-01-15T10:30:00Z"
}

Tunnel Server

Configura e gestisce un server FRP per ricevere connessioni da client remoti.

Configurazione

Architettura FRP

Workflow Esempio: Setup Server FRP

type: tunnelServer
bindPort: 7000
vhostHttpPort: 80
vhostHttpsPort: 443
token: "{{secrets.FRP_TOKEN}}"
dashboard: true
dashboardPort: 7500
dashboardUser: "admin"
dashboardPassword: "{{secrets.FRP_DASH_PASS}}"
subdomainHost: "frp.example.com"
maxPoolCount: 10
logLevel: "info"
label: "FRP Server Principale"

Output

{
  "status": "running",
  "bindAddr": "0.0.0.0:7000",
  "vhostHttpPort": 80,
  "vhostHttpsPort": 443,
  "dashboardUrl": "http://frp.example.com:7500",
  "connectedClients": 3,
  "activeTunnels": 7,
  "traffic": {
    "inbound": "15.2 GB",
    "outbound": "42.5 GB"
  },
  "startedAt": "2024-01-10T00:00:00Z"
}

Workflow Completo: Infrastruttura Tunnel

Setup completo di un sistema di tunnel per accesso remoto aziendale.

Tipi di tunnel

TCP Tunnel

Espone una porta TCP remota.

tunnels:
  - name: "ssh"
    type: tcp
    localPort: 22
    remotePort: 2222

Accesso: ssh user@frp.example.com -p 2222

HTTP/HTTPS Tunnel

Espone servizi web con virtual host.

tunnels:
  - name: "webapp"
    type: http
    localPort: 3000
    subdomain: "myapp"

Accesso: https://myapp.frp.example.com

STCP Tunnel (Secret TCP)

Tunnel TCP crittografato punto-punto. Richiede client anche dal lato visitor.

# Server side
tunnels:
  - name: "private-db"
    type: stcp
    localPort: 5432
    secretKey: "{{secrets.STCP_KEY}}"

# Visitor side
visitors:
  - name: "db-visitor"
    type: stcp
    serverName: "private-db"
    secretKey: "{{secrets.STCP_KEY}}"
    bindPort: 5432

Sicurezza Tunnel

Configurazione sicura

# Genera token sicuro
openssl rand -base64 32

# Server
tlsOnly: true
tlsCertFile: "/path/to/cert.pem"
tlsKeyFile: "/path/to/key.pem"

# Client
tlsEnable: true
tlsServerName: "frp.example.com"

# Server
allowPorts: "2000-3000,6000-7000"
allowUsers:
  - name: "client1"
    token: "token1"
    allowedPorts: "6000-6010"
  - name: "client2"
    token: "token2"
    allowedPorts: "6020-6030"

Best Practices