My Workflow
Since GitHub Actions is an IaaS, and Actions Hackathon 2021 allows Wacky Wildcards, I wonder if I can use it as a proxy and view the internet from the perspective of GitHub's servers. So I created a proof of concept SOCKS5 proxy hosted on GitHub Actions.
As GitHub Actions runners are firewalled from incoming connections, what I did is connect to it through Cloudflare Tunnel. And as Cloudflare Tunnel can't tunnel TCP connections (we can use Ngrok but that's for another story), we tunnel SOCKS5 through websockets using Chisel.
Here you can see that I'm browsing the internet using Microsoft's IP address.
Here you can see a speed test from my 45 mbps internet connection.
This action can also be used as a VPN.
Submission Category:
Wacky Wildcards
Yaml File or Link to Code
name: Host Chisel SOCKS5 Proxy
on:
workflow_dispatch:
inputs:
time-duration:
description: Time to run chisel
required: true
default: 10m
jobs:
socks5-proxy:
runs-on: ubuntu-latest
steps:
- name: Install chisel
working-directory: ${{ runner.temp }}
env:
version: 1.7.6
run: |
aria2c -x 16 "https://github.com/jpillora/chisel/releases/latest/download/chisel_${version}_linux_amd64.gz"
gzip -d chisel_${version}_linux_amd64.gz
mv chisel_${version}_linux_amd64 /usr/local/bin/chisel
chmod +x /usr/local/bin/chisel
- name: Setup Cloudflare Tunnel client
uses: AnimMouse/setup-cloudflared@v1
with:
cloudflare_tunnel_certificate: ${{ secrets.CLOUDFLARE_TUNNEL_CERTIFICATE }}
cloudflare_tunnel_credential: ${{ secrets.CLOUDFLARE_TUNNEL_CREDENTIAL }}
cloudflare_tunnel_configuration: ${{ secrets.CLOUDFLARE_TUNNEL_CONFIGURATION }}
cloudflare_tunnel_id: ${{ secrets.CLOUDFLARE_TUNNEL_ID }}
- name: Run chisel
run: timeout "${{ github.event.inputs.time-duration }}" chisel server --socks5 || true
- name: Shutdown and view logs of Cloudflare Tunnel
if: always()
uses: AnimMouse/setup-cloudflared/shutdown@v1
AnimMouse / SOCKS5-proxy-actions
Proof of concept SOCKS5 proxy running on GitHub Actions through Chisel
SOCKS5 Proxy Actions
SOCKS5 Proxy hosted on GitHub Actions.
Proof of concept Chisel's SOCKS5 Proxy running on GitHub Actions.
As GitHub Actions runner does not have an accessible IP address, we use Cloudflare Tunnel to have a tunnel to GitHub Actions runner.
Your Computer > Cloudflare > GitHub Actions runner > GitHub Actions' Internet
Usage
- Setup Cloudflare Tunnel Client by following instructions on setup-cloudflared README.md.
- At the config.yml, set
service:
tohttp://localhost:8080
atingress:
.
ingress:
- service: http://localhost:8080
- Run the workflow.
- Connect to your chisel websocket by running
chisel client https://example.com/ socks
. - Connect your browser to chisel's SOCKS5 proxy by setting proxy settings to
localhost:1080
.
Additional Resources / Info
AnimMouse / setup-cloudflared
Setup/Install Cloudflare Tunnel client for GitHub Actions
Setup cloudflared for GitHub Actions
Setup Cloudflare Tunnel client for GitHub Actions.
This action installs cloudflared for use in actions by installing it on tool cache using AnimMouse/tool-cache.
This action will automatically sign in and start Cloudflare Tunnel.
Other virtual environments besides Ubuntu are not supported yet.
Test page for setup-cloudflared
Usage
- Paste the contents of the cert.prm file to
CLOUDFLARE_TUNNEL_CERTIFICATE
secret. No need to encode it to base64 as it is already in base64. - Encode the JSON credential in base64 using this command
base64 -w 0 <cloudflare-tunnel-id>.json
and paste it toCLOUDFLARE_TUNNEL_CREDENTIAL
secret. - At the config.yml, set
credentials-file:
to/home/runner/.cloudflared/<cloudflare-tunnel-id>.json
- Encode the config.yml in base64 using this command
base64 -w 0 config.yml
and paste it toCLOUDFLARE_TUNNEL_CONFIGURATION
secret. - Add the Cloudflare Tunnel ID to
CLOUDFLARE_TUNNEL_ID
secret.
To gracefully shutdown Cloudflare Tunnel after being started in the background, use the AnimMouse/setup-cloudflared/shutdown
action as composite actions does not support post:
…
Chisel
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network.
Table of Contents
Features
- Easy to use
- Performant*
-
Encrypted connections using the SSH protocol (via
crypto/ssh
) - Authenticated connections; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.
- Client auto-reconnects with exponential backoff
- Clients can create multiple tunnel endpoints over one TCP connection
- Clients can optionally pass through SOCKS or HTTP CONNECT proxies
- Reverse port forwarding (Connections go through the server and out the client)
- Server optionally doubles as a reverse proxy
- Server optionally allows SOCKS5 connections (See guide below)
- Clients optionally allow SOCKS5 connections from a reversed port…
Top comments (0)