Expose endpoints over single port (w/ TLS)
mrkurt opened this issue · 2 comments
This will replace the "assign a port for new wormhole connections" function with a single TLS'd port.
When an agent connects to the wormhole server, the server should generate a unique identifier for that endpoint.
When our proxy wants to connect to a specific endpoint, it will connect to something like `<identifier>.wormhole.server.com:443` with TLS.
Wormhole server should:
- Accept the connection
- Look up the endpoint using SNI
- Validate the proxy's client certificate for that particular endpoint/backend.
This will simplify how we use wormhole substantially. Right now, we have to run an additional "backhaul" proxy to bounce connections around internally.
Definitely.
I would do something like: `<identifier>.<cluster_url>`

The `cluster_url` would contain the region and information. Else it'd be hard to point to the right wormhole server.
Closed with #38
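One way to wire up the server-side steps listed in the issue (look up the endpoint from SNI, then require a client certificate valid for that endpoint), using the `<identifier>.<cluster_url>` naming from the comments. This is an added sketch, not code from wormhole or from #38; `Registry`, `ConfigFor`, the host names and the identifiers are assumptions, and the function is meant to be set as `GetConfigForClient` on the listener's `tls.Config`.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"strings"
)

// Registry is a hypothetical type; it is read-only after setup in this sketch.
type Registry struct {
	suffix    string                    // "." + cluster URL (assumed value)
	endpoints map[string]*x509.CertPool // identifier -> trusted client CAs
	certs     []tls.Certificate         // server certificate(s) for the wildcard name
}

func NewRegistry(clusterURL string, certs []tls.Certificate) *Registry {
	return &Registry{suffix: "." + strings.ToLower(clusterURL), endpoints: map[string]*x509.CertPool{}, certs: certs}
}

func (r *Registry) Register(id string, clientCAs *x509.CertPool) { r.endpoints[id] = clientCAs }

// ConfigFor runs on the ClientHello, before any certificate is exchanged,
// and picks the client-auth policy for the endpoint named in SNI.
func (r *Registry) ConfigFor(hello *tls.ClientHelloInfo) (*tls.Config, error) {
	name := strings.ToLower(hello.ServerName)
	id := strings.TrimSuffix(name, r.suffix)
	// Require exactly one label in front of the cluster URL.
	if id == name || id == "" || strings.Contains(id, ".") {
		return nil, errors.New("SNI is not <identifier>.<cluster_url>")
	}
	pool := r.endpoints[id]
	if pool == nil {
		// Fail closed: a nil ClientCAs would make Go verify against system roots.
		return nil, fmt.Errorf("no endpoint registered for %q", id)
	}
	return &tls.Config{
		Certificates: r.certs,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	}, nil
}

func main() {
	reg := NewRegistry("wormhole.example.com", nil) // constructed sample values
	reg.Register("abc123", x509.NewCertPool())
	_, err := reg.ConfigFor(&tls.ClientHelloInfo{ServerName: "zzz.wormhole.example.com"})
	fmt.Println("unregistered identifier:", err)
}
```

After the handshake, `ConnectionState().ServerName` on the accepted connection carries the same SNI value, so the connection can be routed to the endpoint whose CA pool was just enforced.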