DYNR/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-03-31 06:24:18 -04:00
Code Issues Packages Projects Releases 10 Wiki Activity

[management,proxy,client] Add L4 capabilities (TLS/TCP/UDP) (#5530)

Browse Source
This commit is contained in:
Viktor Liu
2026-03-14 01:36:44 +08:00
committed by GitHub
parent fe9b844511
commit 3e6baea405
90 changed files with 9611 additions and 1397 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
shared/management/client/grpc.go
View File

@@ -56,12 +56,14 @@ type ExposeRequest struct {
Pin string
Password string
UserGroups []string
ListenPort uint16
}
type ExposeResponse struct {
ServiceName string
Domain string
ServiceURL string
ServiceName string
Domain string
ServiceURL string
PortAutoAssigned bool
}
// NewClient creates a new client to Management service
@@ -790,9 +792,10 @@ func (c *GrpcClient) StopExpose(ctx context.Context, domain string) error {
func fromProtoExposeResponse(resp *proto.ExposeServiceResponse) *ExposeResponse {
return &ExposeResponse{
ServiceName: resp.ServiceName,
Domain: resp.Domain,
ServiceURL: resp.ServiceUrl,
ServiceName: resp.ServiceName,
Domain: resp.Domain,
ServiceURL: resp.ServiceUrl,
PortAutoAssigned: resp.PortAutoAssigned,
}
}
@@ -808,6 +811,8 @@ func toProtoExposeServiceRequest(req ExposeRequest) (*proto.ExposeServiceRequest
protocol = proto.ExposeProtocol_EXPOSE_TCP
case int(proto.ExposeProtocol_EXPOSE_UDP):
protocol = proto.ExposeProtocol_EXPOSE_UDP
case int(proto.ExposeProtocol_EXPOSE_TLS):
protocol = proto.ExposeProtocol_EXPOSE_TLS
default:
return nil, fmt.Errorf("invalid expose protocol: %d", req.Protocol)
}
@@ -820,6 +825,7 @@ func toProtoExposeServiceRequest(req ExposeRequest) (*proto.ExposeServiceRequest
Pin: req.Pin,
Password: req.Password,
UserGroups: req.UserGroups,
ListenPort: uint32(req.ListenPort),
}, nil
}

107
shared/management/http/api/openapi.yml
View File

@@ -2836,6 +2836,10 @@ components:
format: int64
description: "Bytes downloaded (response body size)"
example: 8192
protocol:
type: string
description: "Protocol type: http, tcp, or udp"
example: "http"
required:
- id
- service_id
@@ -2954,6 +2958,20 @@ components:
domain:
type: string
description: Domain for the service
mode:
type: string
description: Service mode. "http" for L7 reverse proxy, "tcp"/"udp"/"tls" for L4 passthrough.
enum: [http, tcp, udp, tls]
default: http
listen_port:
type: integer
minimum: 0
maximum: 65535
description: Port the proxy listens on (L4/TLS only)
port_auto_assigned:
type: boolean
description: Whether the listen port was auto-assigned
readOnly: true
proxy_cluster:
type: string
description: The proxy cluster handling this service (derived from domain)
@@ -3020,6 +3038,16 @@ components:
domain:
type: string
description: Domain for the service
mode:
type: string
description: Service mode. "http" for L7 reverse proxy, "tcp"/"udp"/"tls" for L4 passthrough.
enum: [http, tcp, udp, tls]
default: http
listen_port:
type: integer
minimum: 0
maximum: 65535
description: Port the proxy listens on (L4/TLS only). Set to 0 for auto-assignment.
targets:
type: array
items:
@@ -3040,8 +3068,6 @@ components:
required:
- name
- domain
- targets
- auth
- enabled
ServiceTargetOptions:
type: object
@@ -3065,6 +3091,12 @@ components:
additionalProperties:
type: string
pattern: '^[^\r\n]*$'
proxy_protocol:
type: boolean
description: Send PROXY Protocol v2 header to this backend (TCP/TLS only)
session_idle_timeout:
type: string
description: Idle timeout before a UDP session is reaped, as a Go duration string (e.g. "30s", "2m"). Maximum 10m.
ServiceTarget:
type: object
properties:
@@ -3073,21 +3105,23 @@ components:
description: Target ID
target_type:
type: string
description: Target type (e.g., "peer", "resource")
enum: [peer, resource]
description: Target type
enum: [peer, host, domain, subnet]
path:
type: string
description: URL path prefix for this target
description: URL path prefix for this target (HTTP only)
protocol:
type: string
description: Protocol to use when connecting to the backend
enum: [http, https]
enum: [http, https, tcp, udp]
host:
type: string
description: Backend ip or domain for this target
port:
type: integer
description: Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https).
minimum: 1
maximum: 65535
description: Backend port for this target
enabled:
type: boolean
description: Whether this target is enabled
@@ -3194,6 +3228,9 @@ components:
target_cluster:
type: string
description: The proxy cluster this domain is validated against (only for custom domains)
supports_custom_ports:
type: boolean
description: Whether the cluster supports binding arbitrary TCP/UDP ports
required:
- id
- domain
@@ -4277,6 +4314,12 @@ components:
requires_authentication:
description: Requires authentication
content: { }
conflict:
description: Conflict
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
securitySchemes:
BearerAuth:
type: http
@@ -9621,6 +9664,29 @@ paths:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
/api/reverse-proxies/clusters:
get:
summary: List available proxy clusters
description: Returns a list of available proxy clusters with their connection status
tags: [ Services ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
responses:
'200':
description: A JSON Array of proxy clusters
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ProxyCluster'
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'500':
"$ref": "#/components/responses/internal_error"
/api/reverse-proxies/services:
get:
summary: List all Services
@@ -9670,29 +9736,8 @@ paths:
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'500':
"$ref": "#/components/responses/internal_error"
/api/reverse-proxies/clusters:
get:
summary: List available proxy clusters
description: Returns a list of available proxy clusters with their connection status
tags: [ Services ]
security:
- BearerAuth: [ ]
- TokenAuth: [ ]
responses:
'200':
description: A JSON Array of proxy clusters
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ProxyCluster'
'401':
"$ref": "#/components/responses/requires_authentication"
'403':
"$ref": "#/components/responses/forbidden"
'409':
"$ref": "#/components/responses/conflict"
'500':
"$ref": "#/components/responses/internal_error"
/api/reverse-proxies/services/{serviceId}:
@@ -9762,6 +9807,8 @@ paths:
"$ref": "#/components/responses/forbidden"
'404':
"$ref": "#/components/responses/not_found"
'409':
"$ref": "#/components/responses/conflict"
'500':
"$ref": "#/components/responses/internal_error"
delete:

118
shared/management/http/api/types.gen.go
View File

@@ -880,6 +880,30 @@ func (e SentinelOneMatchAttributesNetworkStatus) Valid() bool {
}
}
// Defines values for ServiceMode.
const (
ServiceModeHttp ServiceMode = "http"
ServiceModeTcp ServiceMode = "tcp"
ServiceModeTls ServiceMode = "tls"
ServiceModeUdp ServiceMode = "udp"
)
// Valid indicates whether the value is a known member of the ServiceMode enum.
func (e ServiceMode) Valid() bool {
switch e {
case ServiceModeHttp:
return true
case ServiceModeTcp:
return true
case ServiceModeTls:
return true
case ServiceModeUdp:
return true
default:
return false
}
}
// Defines values for ServiceMetaStatus.
const (
ServiceMetaStatusActive ServiceMetaStatus = "active"
@@ -910,10 +934,36 @@ func (e ServiceMetaStatus) Valid() bool {
}
}
// Defines values for ServiceRequestMode.
const (
ServiceRequestModeHttp ServiceRequestMode = "http"
ServiceRequestModeTcp ServiceRequestMode = "tcp"
ServiceRequestModeTls ServiceRequestMode = "tls"
ServiceRequestModeUdp ServiceRequestMode = "udp"
)
// Valid indicates whether the value is a known member of the ServiceRequestMode enum.
func (e ServiceRequestMode) Valid() bool {
switch e {
case ServiceRequestModeHttp:
return true
case ServiceRequestModeTcp:
return true
case ServiceRequestModeTls:
return true
case ServiceRequestModeUdp:
return true
default:
return false
}
}
// Defines values for ServiceTargetProtocol.
const (
ServiceTargetProtocolHttp ServiceTargetProtocol = "http"
ServiceTargetProtocolHttps ServiceTargetProtocol = "https"
ServiceTargetProtocolTcp ServiceTargetProtocol = "tcp"
ServiceTargetProtocolUdp ServiceTargetProtocol = "udp"
)
// Valid indicates whether the value is a known member of the ServiceTargetProtocol enum.
@@ -923,6 +973,10 @@ func (e ServiceTargetProtocol) Valid() bool {
return true
case ServiceTargetProtocolHttps:
return true
case ServiceTargetProtocolTcp:
return true
case ServiceTargetProtocolUdp:
return true
default:
return false
}
@@ -930,16 +984,22 @@ func (e ServiceTargetProtocol) Valid() bool {
// Defines values for ServiceTargetTargetType.
const (
ServiceTargetTargetTypePeer ServiceTargetTargetType = "peer"
ServiceTargetTargetTypeResource ServiceTargetTargetType = "resource"
ServiceTargetTargetTypeDomain ServiceTargetTargetType = "domain"
ServiceTargetTargetTypeHost ServiceTargetTargetType = "host"
ServiceTargetTargetTypePeer ServiceTargetTargetType = "peer"
ServiceTargetTargetTypeSubnet ServiceTargetTargetType = "subnet"
)
// Valid indicates whether the value is a known member of the ServiceTargetTargetType enum.
func (e ServiceTargetTargetType) Valid() bool {
switch e {
case ServiceTargetTargetTypeDomain:
return true
case ServiceTargetTargetTypeHost:
return true
case ServiceTargetTargetTypePeer:
return true
case ServiceTargetTargetTypeResource:
case ServiceTargetTargetTypeSubnet:
return true
default:
return false
@@ -3249,6 +3309,9 @@ type ProxyAccessLog struct {
// Path Path of the request
Path string `json:"path"`
// Protocol Protocol type: http, tcp, or udp
Protocol *string `json:"protocol,omitempty"`
// Reason Reason for the request result (e.g., authentication failure)
Reason *string `json:"reason,omitempty"`
@@ -3313,6 +3376,9 @@ type ReverseProxyDomain struct {
// Id Domain ID
Id string `json:"id"`
// SupportsCustomPorts Whether the cluster supports binding arbitrary TCP/UDP ports
SupportsCustomPorts *bool `json:"supports_custom_ports,omitempty"`
// TargetCluster The proxy cluster this domain is validated against (only for custom domains)
TargetCluster *string `json:"target_cluster,omitempty"`
@@ -3505,8 +3571,14 @@ type Service struct {
Enabled bool `json:"enabled"`
// Id Service ID
Id string `json:"id"`
Meta ServiceMeta `json:"meta"`
Id string `json:"id"`
// ListenPort Port the proxy listens on (L4/TLS only)
ListenPort *int `json:"listen_port,omitempty"`
Meta ServiceMeta `json:"meta"`
// Mode Service mode. "http" for L7 reverse proxy, "tcp"/"udp"/"tls" for L4 passthrough.
Mode *ServiceMode `json:"mode,omitempty"`
// Name Service name
Name string `json:"name"`
@@ -3514,6 +3586,9 @@ type Service struct {
// PassHostHeader When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address
PassHostHeader *bool `json:"pass_host_header,omitempty"`
// PortAutoAssigned Whether the listen port was auto-assigned
PortAutoAssigned *bool `json:"port_auto_assigned,omitempty"`
// ProxyCluster The proxy cluster handling this service (derived from domain)
ProxyCluster *string `json:"proxy_cluster,omitempty"`
@@ -3524,6 +3599,9 @@ type Service struct {
Targets []ServiceTarget `json:"targets"`
}
// ServiceMode Service mode. "http" for L7 reverse proxy, "tcp"/"udp"/"tls" for L4 passthrough.
type ServiceMode string
// ServiceAuthConfig defines model for ServiceAuthConfig.
type ServiceAuthConfig struct {
BearerAuth *BearerAuthConfig `json:"bearer_auth,omitempty"`
@@ -3549,7 +3627,7 @@ type ServiceMetaStatus string
// ServiceRequest defines model for ServiceRequest.
type ServiceRequest struct {
Auth ServiceAuthConfig `json:"auth"`
Auth *ServiceAuthConfig `json:"auth,omitempty"`
// Domain Domain for the service
Domain string `json:"domain"`
@@ -3557,6 +3635,12 @@ type ServiceRequest struct {
// Enabled Whether the service is enabled
Enabled bool `json:"enabled"`
// ListenPort Port the proxy listens on (L4/TLS only). Set to 0 for auto-assignment.
ListenPort *int `json:"listen_port,omitempty"`
// Mode Service mode. "http" for L7 reverse proxy, "tcp"/"udp"/"tls" for L4 passthrough.
Mode *ServiceRequestMode `json:"mode,omitempty"`
// Name Service name
Name string `json:"name"`
@@ -3567,9 +3651,12 @@ type ServiceRequest struct {
RewriteRedirects *bool `json:"rewrite_redirects,omitempty"`
// Targets List of target backends for this service
Targets []ServiceTarget `json:"targets"`
Targets *[]ServiceTarget `json:"targets,omitempty"`
}
// ServiceRequestMode Service mode. "http" for L7 reverse proxy, "tcp"/"udp"/"tls" for L4 passthrough.
type ServiceRequestMode string
// ServiceTarget defines model for ServiceTarget.
type ServiceTarget struct {
// Enabled Whether this target is enabled
@@ -3579,10 +3666,10 @@ type ServiceTarget struct {
Host *string `json:"host,omitempty"`
Options *ServiceTargetOptions `json:"options,omitempty"`
// Path URL path prefix for this target
// Path URL path prefix for this target (HTTP only)
Path *string `json:"path,omitempty"`
// Port Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https).
// Port Backend port for this target
Port int `json:"port"`
// Protocol Protocol to use when connecting to the backend
@@ -3591,14 +3678,14 @@ type ServiceTarget struct {
// TargetId Target ID
TargetId string `json:"target_id"`
// TargetType Target type (e.g., "peer", "resource")
// TargetType Target type
TargetType ServiceTargetTargetType `json:"target_type"`
}
// ServiceTargetProtocol Protocol to use when connecting to the backend
type ServiceTargetProtocol string
// ServiceTargetTargetType Target type (e.g., "peer", "resource")
// ServiceTargetTargetType Target type
type ServiceTargetTargetType string
// ServiceTargetOptions defines model for ServiceTargetOptions.
@@ -3609,9 +3696,15 @@ type ServiceTargetOptions struct {
// PathRewrite Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. "preserve" keeps the full original request path.
PathRewrite *ServiceTargetOptionsPathRewrite `json:"path_rewrite,omitempty"`
// ProxyProtocol Send PROXY Protocol v2 header to this backend (TCP/TLS only)
ProxyProtocol *bool `json:"proxy_protocol,omitempty"`
// RequestTimeout Per-target response timeout as a Go duration string (e.g. "30s", "2m")
RequestTimeout *string `json:"request_timeout,omitempty"`
// SessionIdleTimeout Idle timeout before a UDP session is reaped, as a Go duration string (e.g. "30s", "2m"). Maximum 10m.
SessionIdleTimeout *string `json:"session_idle_timeout,omitempty"`
// SkipTlsVerify Skip TLS certificate verification for this backend
SkipTlsVerify *bool `json:"skip_tls_verify,omitempty"`
}
@@ -4136,6 +4229,9 @@ type ZoneRequest struct {
Name string `json:"name"`
}
// Conflict Standard error response. Note: The exact structure of this error response is inferred from `util.WriteErrorResponse` and `util.WriteError` usage in the provided Go code, as a specific Go struct for errors was not provided.
type Conflict = ErrorResponse
// GetApiEventsNetworkTrafficParams defines parameters for GetApiEventsNetworkTraffic.
type GetApiEventsNetworkTrafficParams struct {
// Page Page number

53
shared/management/proto/management.pb.go
View File

@@ -228,6 +228,7 @@ const (
ExposeProtocol_EXPOSE_HTTPS ExposeProtocol = 1
ExposeProtocol_EXPOSE_TCP ExposeProtocol = 2
ExposeProtocol_EXPOSE_UDP ExposeProtocol = 3
ExposeProtocol_EXPOSE_TLS ExposeProtocol = 4
)
// Enum value maps for ExposeProtocol.
@@ -237,12 +238,14 @@ var (
1: "EXPOSE_HTTPS",
2: "EXPOSE_TCP",
3: "EXPOSE_UDP",
4: "EXPOSE_TLS",
}
ExposeProtocol_value = map[string]int32{
"EXPOSE_HTTP": 0,
"EXPOSE_HTTPS": 1,
"EXPOSE_TCP": 2,
"EXPOSE_UDP": 3,
"EXPOSE_TLS": 4,
}
)
@@ -4047,6 +4050,7 @@ type ExposeServiceRequest struct {
UserGroups []string `protobuf:"bytes,5,rep,name=user_groups,json=userGroups,proto3" json:"user_groups,omitempty"`
Domain string `protobuf:"bytes,6,opt,name=domain,proto3" json:"domain,omitempty"`
NamePrefix string `protobuf:"bytes,7,opt,name=name_prefix,json=namePrefix,proto3" json:"name_prefix,omitempty"`
ListenPort uint32 `protobuf:"varint,8,opt,name=listen_port,json=listenPort,proto3" json:"listen_port,omitempty"`
}
func (x *ExposeServiceRequest) Reset() {
@@ -4130,14 +4134,22 @@ func (x *ExposeServiceRequest) GetNamePrefix() string {
return ""
}
func (x *ExposeServiceRequest) GetListenPort() uint32 {
if x != nil {
return x.ListenPort
}
return 0
}
type ExposeServiceResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
ServiceName string `protobuf:"bytes,1,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"`
ServiceUrl string `protobuf:"bytes,2,opt,name=service_url,json=serviceUrl,proto3" json:"service_url,omitempty"`
Domain string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
ServiceName string `protobuf:"bytes,1,opt,name=service_name,json=serviceName,proto3" json:"service_name,omitempty"`
ServiceUrl string `protobuf:"bytes,2,opt,name=service_url,json=serviceUrl,proto3" json:"service_url,omitempty"`
Domain string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
PortAutoAssigned bool `protobuf:"varint,4,opt,name=port_auto_assigned,json=portAutoAssigned,proto3" json:"port_auto_assigned,omitempty"`
}
func (x *ExposeServiceResponse) Reset() {
@@ -4193,6 +4205,13 @@ func (x *ExposeServiceResponse) GetDomain() string {
return ""
}
func (x *ExposeServiceResponse) GetPortAutoAssigned() bool {
if x != nil {
return x.PortAutoAssigned
}
return false
}
type RenewExposeRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@@ -4996,7 +5015,7 @@ var file_management_proto_rawDesc = []byte{
0x64, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6d, 0x61,
0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x49, 0x6e, 0x66,
0x6f, 0x52, 0x0e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x6c, 0x61, 0x74, 0x65, 0x64, 0x50, 0x6f, 0x72,
0x74, 0x22, 0xea, 0x01, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x53, 0x65, 0x72, 0x76,
0x74, 0x22, 0x8b, 0x02, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x53, 0x65, 0x72, 0x76,
0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f,
0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x36,
0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e,
@@ -5010,15 +5029,20 @@ var file_management_proto_rawDesc = []byte{
0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18,
0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1f, 0x0a,
0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x07, 0x20, 0x01,
0x28, 0x09, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0x73,
0x0a, 0x15, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69,
0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73,
0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x65,
0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0a, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x64,
0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d,
0x61, 0x69, 0x6e, 0x22, 0x2c, 0x0a, 0x12, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x45, 0x78, 0x70, 0x6f,
0x28, 0x09, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1f,
0x0a, 0x0b, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x08, 0x20,
0x01, 0x28, 0x0d, 0x52, 0x0a, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x22,
0xa1, 0x01, 0x0a, 0x15, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x65, 0x72,
0x76, 0x69, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b,
0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28,
0x09, 0x52, 0x0a, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x16, 0x0a,
0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64,
0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x61, 0x75,
0x74, 0x6f, 0x5f, 0x61, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28,
0x08, 0x52, 0x10, 0x70, 0x6f, 0x72, 0x74, 0x41, 0x75, 0x74, 0x6f, 0x41, 0x73, 0x73, 0x69, 0x67,
0x6e, 0x65, 0x64, 0x22, 0x2c, 0x0a, 0x12, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x45, 0x78, 0x70, 0x6f,
0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d,
0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69,
0x6e, 0x22, 0x15, 0x0a, 0x13, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65,
@@ -5039,12 +5063,13 @@ var file_management_proto_rawDesc = []byte{
0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x06, 0x0a, 0x02, 0x49, 0x4e, 0x10, 0x00, 0x12, 0x07,
0x0a, 0x03, 0x4f, 0x55, 0x54, 0x10, 0x01, 0x2a, 0x22, 0x0a, 0x0a, 0x52, 0x75, 0x6c, 0x65, 0x41,
0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x43, 0x45, 0x50, 0x54, 0x10,
0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x52, 0x4f, 0x50, 0x10, 0x01, 0x2a, 0x53, 0x0a, 0x0e, 0x45,
0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x52, 0x4f, 0x50, 0x10, 0x01, 0x2a, 0x63, 0x0a, 0x0e, 0x45,
0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0f, 0x0a,
0x0b, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x10, 0x00, 0x12, 0x10,
0x0a, 0x0c, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x48, 0x54, 0x54, 0x50, 0x53, 0x10, 0x01,
0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x54, 0x43, 0x50, 0x10, 0x02,
0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x55, 0x44, 0x50, 0x10, 0x03,
0x12, 0x0e, 0x0a, 0x0a, 0x45, 0x58, 0x50, 0x4f, 0x53, 0x45, 0x5f, 0x54, 0x4c, 0x53, 0x10, 0x04,
0x32, 0xfd, 0x06, 0x0a, 0x11, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53,
0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x45, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12,
0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63,

3
shared/management/proto/management.proto
View File

@@ -652,6 +652,7 @@ enum ExposeProtocol {
EXPOSE_HTTPS = 1;
EXPOSE_TCP = 2;
EXPOSE_UDP = 3;
EXPOSE_TLS = 4;
}
message ExposeServiceRequest {
@@ -662,12 +663,14 @@ message ExposeServiceRequest {
repeated string user_groups = 5;
string domain = 6;
string name_prefix = 7;
uint32 listen_port = 8;
}
message ExposeServiceResponse {
string service_name = 1;
string service_url = 2;
string domain = 3;
bool port_auto_assigned = 4;
}
message RenewExposeRequest {

676
shared/management/proto/proxy_service.pb.go
View File

File diff suppressed because it is too large Load Diff

16
shared/management/proto/proxy_service.proto
View File

@@ -27,12 +27,19 @@ service ProxyService {
rpc ValidateSession(ValidateSessionRequest) returns (ValidateSessionResponse);
}
// ProxyCapabilities describes what a proxy can handle.
message ProxyCapabilities {
// Whether the proxy can bind arbitrary ports for TCP/UDP/TLS services.
optional bool supports_custom_ports = 1;
}
// GetMappingUpdateRequest is sent to initialise a mapping stream.
message GetMappingUpdateRequest {
string proxy_id = 1;
string version = 2;
google.protobuf.Timestamp started_at = 3;
string address = 4;
ProxyCapabilities capabilities = 5;
}
// GetMappingUpdateResponse contains zero or more ProxyMappings.
@@ -61,6 +68,10 @@ message PathTargetOptions {
google.protobuf.Duration request_timeout = 2;
PathRewriteMode path_rewrite = 3;
map<string, string> custom_headers = 4;
// Send PROXY protocol v2 header to this backend.
bool proxy_protocol = 5;
// Idle timeout before a UDP session is reaped.
google.protobuf.Duration session_idle_timeout = 6;
}
message PathMapping {
@@ -91,6 +102,10 @@ message ProxyMapping {
// When true, Location headers in backend responses are rewritten to replace
// the backend address with the public-facing domain.
bool rewrite_redirects = 9;
// Service mode: "http", "tcp", "udp", or "tls".
string mode = 10;
// For L4/TLS: the port the proxy listens on.
int32 listen_port = 11;
}
// SendAccessLogRequest consists of one or more AccessLogs from a Proxy.
@@ -117,6 +132,7 @@ message AccessLog {
bool auth_success = 13;
int64 bytes_upload = 14;
int64 bytes_download = 15;
string protocol = 16;
}
message AuthenticateRequest {