Setup two containers that use Ghostunnel to establish a channel between themselves.
Ghostunnel uses Go SPIFFE library to parse and verify the SAN URI SPIFFE value.
How to test:
- Install Docker Compose.
- Clone this repository.
- Build all containers with
make. - Run the scenario with
make run. This will create a full tunnel by doing the following:
- Launch a terminal in the database container, with a netcat command to simulate a database server listening on port 8001.
- Launch a terminal in the database container, showing Ghostunnel running in server mode listening for incoming TLS connections on database:8002 and forwarding them to localhost:8001. The
allow-uri-sanparameter is used to specify what clients with the given URI subject alternative name are allowed. - Launch a terminal in the blog container, with Ghostunnel running in client mode, listening on localhost:8003 and proxying requests to the TLS server on database:8002.
- Launch a terminal in the blog container, with a netcat command that makes that the standard input is sent to localhost:8003.
- The scenario can be cleaned running
make clean. - A default valid value is provided for the
allow-uri-sanparameter. Different values can be provided to the Ghostunnel server executing:make run URI=[my custom uri].
Note: The make run command assumes the existence of the x-terminal-emulator symbolic link to launch new terminals. If this link is not available in your system, replace it with the terminal installed of your preference.