In our last blog post, we announced the mysocket service and demonstrated how to get started quickly. It's been great to see people signing up and giving it a spin! Your feedback has been great, motivating, and has helped make the service better already.
Most users that gave mysocket a try used the mysocketctl connect (aka "quick connect") feature. This is the easiest way to get started and instantly creates a global socket, great for quick testing. However, when you're done and exit the program, the "connect" feature cleans up the socket. It's easy to create new ones, but each time with a different name. Not surprisingly then, that a few users asked the question about sockets with static names.
Static names for your services
Most residential ISPs give their customers a dynamic IP address (one that changes from time to time) through DHCP. If you have a service you'd like to make available but don't have a static IP, then this post is for you!
Perhaps you have a server at home, either a fancy setup, rack-mounted and UPS for emergency power, or perhaps just a modest Raspberry Pi. Either way, you'd like to make this available from the Internet, so you can access it when you're not at your home network, or perhaps you are home, but your nice cooperate VPN client blocks access to your local network. Or maybe you'd like to make it available to your friend.
That's great, but you have two challenges:
1) the server sits behind NAT, so you can't simply connect to the server from the Internet.
2) your ISP gives you dynamic IPs, so every few days/weeks, the IP changes, so it's hard to keep track of the IP. Ideally, you could use a static name, that no matter your dynamic IP, remains stable.
So what you'd need is a static DNS name! Good news, that's the default on the Socket primitive.
Mysocket primitives
Let's take a more in-depth look at the two main primitives that make up the mysocket service: Sockets and Tunnels
A Global Socket
The first primitive we need is a socket object. This object is the public endpoint for your service and can be created like this:
mysocketctl socket create \
--type http \
--name "my service at home"
This, among other things, returns a static DNS name that is yours to use. Think of it as your global public endpoint for your load balancer. In this case, mysocket runs the load balancer, and it's made highly available through our anycast setup.
In the example above, we created an HTTP/HTTPS socket. Other options are TCP and TLS sockets. In those cases, the API will return not only a static DNS name for your service but also your own dedicated static TCP port number. A typical use case for a TCP socket is making your ssh service available.
Tunnels
The second primitive is a tunnel. A tunnel object represents your origin service and the secure connection between the origin and the mysocket global infrastructure. Let's look at the example below.
mysocketctl tunnel create \
--socket_id 1fab407c-a49d-4c5e-8287-8b138b7549c0
When creating the tunnel object, simply pass along the socket_id from the socket you'd like to be connected to.
Putting it together
In summary, we can create a globally available service by first creating a socket of type HTTP/HTTPS, TCP or TLS. This returns a static name for your service and optionally a unique port number. After that, we create a tunnel that links the origin to the socket.
Now that we have created a Socket and Tunnel, it's time to connect to it, spin up the dataplane, and expose the local service port. We do that using the following command:
mysocketctl tunnel connect \
--port 8000 \
--socket_id 1fab407c-a49d-4c5e-8287-8b138b7549c0 \
--tunnel_id 3f46a01f-ef5b-4b0c-a1ce-9a294be2be03
In the example above, we only create one tunnel for the socket, but nothing stops you from creating multiple tunnels (origins) per socket. In that case, mysocket will load balance over all available tunnels.
Demo time: exposing a local Gif service to the Internet
Alright, time to look at a simple demo and get our hands dirty. For this demo, I developed a small proof of concept python web service that shows a random Gif from Giphy each time a visitor loads the webpage.
I'm running this service locally on a VM on my laptop. The goal is to make this service publicly available, and overcoming the two levels of NAT and my ISP that hands out dynamic IP addresses. At the end of this demo, I'm able to share a static DNS name with my users, and you'll be able to try it!
Watch the video below for a live demo.
First, let's download the demo python code and start the Gif web service
wget https://gist.githubusercontent.com/atoonk/0bfc784feb66ffc03541462fbc945df7/raw/812d839f60ea7bfd98a530a3fc549137abe0b329/gif_service.py
#make sure to update the API key
python3 ./gif_service.py
Alright, now we have this service running, but it's only reachable from my local network. Next up, we create a socket and a tunnel.
mysocketctl socket create \
--name "my local http Gif service" \
--type http
Ok, that returns a socket_id and our static DNS name! In my case, the DNS name is: wandering-shape-7752.edge.mysocket.io
Next up, we'll use the socket_id to create the tunnel object:
mysocketctl tunnel create \
--socket_id 1fab407c-a49d-4c5e-8287-8b138b7549c0
Cool, now all we need to do is start the tunnel connection.
mysocketctl tunnel connect \
--port 8000 \
--socket_id 1fab407c-a49d-4c5e-8287-8b138b7549c0 \
--tunnel_id 3f46a01f-ef5b-4b0c-a1ce-9a294be2be03
This will securely connect the local gif web service listening on port 8000, to the mysocket infrastructure and make it available as https://wandering-shape-7752.edge.mysocket.io/
Wrapping up
In this blog post, we looked at the two main mysocket primitives, Sockets, and Tunnels. We saw how users can create a Socket object and get a static DNS name and possibly even a dedicated TCP port. In the demo, we used the tunnel connect feature to make port 8000 on my local VM available to the Internet.
With that, we made the Internet a little bit better by adding yet another Gif service, that just happens to run on a VM hosted on my laptop.
Top comments (1)
TLS Tunnel is a free VPN that seeks to help users bypass barriers erected by internet service providers and governments, while also ensuring their privacy, freedom, and anonymity. The official servers employ a proprietary protocol called TLSVPN, which is a basic protocol that protects the connection using TLS 1.3 (and optionally TLS 1.2) and a self-signed certificate checked at the time of connection to prevent interception.