feat: use custom wireguard reverse proxy for dev tunnel #1975
dev := device.NewDevice(tun, conn.NewDefaultBind(), device.NewLogger(device.LogLevelVerbose, "")) | ||
err = dev.IpcSet(fmt.Sprintf(`private_key=%s | ||
public_key=%s | ||
endpoint=%s:55555 |
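Review bot: `device.NewLogger(device.LogLevelVerbose, "")` in the `NewDevice` call hard-codes verbose WireGuard logging; take the level from the caller, or default to `device.LogLevelError`, so the debug output is not something that has to be remembered and removed before merge. The `55555` in `endpoint=%s:55555` is also a bare literal, and a named constant kept next to the other server parameters would say what it is.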
Is `55555` a static port we use?
Yeah, that's the UDP port on the server for Wireguard to connect to.
coderd/devtunnel/tunnel.go
Outdated
persistent_keepalive_interval=21 | ||
allowed_ip=%s/128`, | ||
hex.EncodeToString(cfg.PrivateKey[:]), | ||
encodeBase64ToHex("+KNSMwed/IlqoesvTMSBNsHFaKVLrmmaCkn0bxIhUg0="), |
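Review bot: the base64 literal passed to `encodeBase64ToHex` is the public key of the peer this client will trust, but nothing at the call site says whose key it is. Move it to a named constant with a comment stating which server it belongs to, and check that `encodeBase64ToHex` returns or reports an error when the value does not decode to a 32-byte key instead of writing a malformed `public_key` into the config. The `21` in `persistent_keepalive_interval=21` would benefit from a named constant as well.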
Where does this come from?
This is the hardcoded public key of the server. I should probably move these to consts to make them more clear.
coderd/devtunnel/tunnel.go
Outdated
hex.EncodeToString(cfg.PrivateKey[:]), | ||
encodeBase64ToHex("+KNSMwed/IlqoesvTMSBNsHFaKVLrmmaCkn0bxIhUg0="), | ||
wgip.IP.String(), | ||
netip.AddrFrom16(uuid.MustParse("fcad0000-0000-4000-8000-000000000001")).String(), |
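Review bot: building the last argument with `netip.AddrFrom16(uuid.MustParse("fcad0000-0000-4000-8000-000000000001"))` hides that this is a fixed IPv6 address, and the reader has to convert the UUID bytes by hand to see which one. Write it as an address, for example `netip.MustParseAddr("fcad:0:0:4000:8000:0:0:1")` in a package-level variable, with a comment naming it as the server's tunnel IP.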
How does this UUID come to be?
Same here, it's the hardcoded IP of the server. I'll make this a const.
* feat: update build url to @username/workspace/builds/buildnumber (#2234)
* update build url to @username/workspace/builds/buildnumber
* update errors thrown from the API
* add unit tests for the new API
* add t.parallel
* get username and workspace name from params
* fix: update icon (#2216)
* feat: Show template description in `coder template init` (#2238)
* fix: workspace schedule time displays (#2249)
  Summary: Various time displays weren't quite right.
  Details:
  - Display date (not just time) of upcoming workspace stop in workspace page
  - Fix ttlShutdownAt for various cases + tests
  - manual to non-manual
  - unchanged/unmodified
  - isBefore --> isSameOrBefore
  - use the delta (off by _ error)
  - pluralize units in dayjs.add
* fix: Remove easter egg mentioning competitor (#2250)
  This is more confusing than helpful!
* feat: Warn on coderd startup if access URL is localhost (#2248)
* feat: use custom wireguard reverse proxy for dev tunnel (#1975)
* fix: use correct link in create from template button (#2253)
* feat: store and display template creator (#2228)
* design commit
* add owner_id to templates table
* add owner information in apis and ui
* update minWidth for statItem
* rename owner to created_by
* missing refactor to created_by
* handle errors in fetching created_by names
* feat: update language on workspace page (#2220)
* fix: ensure config dir exists before reading tunnel config (#2259)
* fix(devtunnel): close `http.Server` before wireguard interface (#2263)
* fix: ensure `agentResource` is non-nil (#2261)
* chore: add hero image to OSS docs homepage (#2241)
* fix: Do not write 2 errors to api on template fetch error (#2285)
* feat: add tooltips to templates page
  resolves #2242

Co-authored-by: Abhineet Jain <AbhineetJain@users.noreply.github.com>
Co-authored-by: Joe Previte <jjprevite@gmail.com>
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
Co-authored-by: G r e y <grey@coder.com>
Co-authored-by: Kyle Carberry <kyle@coder.com>
Co-authored-by: David Wahler <david@coder.com>
Co-authored-by: Colin Adler <colin1adler@gmail.com>
Co-authored-by: Garrett Delfosse <garrett@coder.com>
Co-authored-by: Katie Horne <katie@coder.com>
Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
This PR rewrites our current reverse proxy, which uses frp, into a simple WireGuard-based one. It has a few benefits compared to the old one:
After this is merged for a period of time, I'll allow PG backed deploys to use our tunnel!
Note: debug logs for wireguard are currently turned on. They'll be turned off when merged into main.