RDNET-798 update chisel from upstream (#5)

* Set ServerName (SNI) to *hostname. Useful for spoofing our way through restrictive gateways.

* Bump actions/checkout from 2 to 3.1.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* Added --sni switch to control the ServerName when connecting with TLS. Makes 'domain fronting' possible.

* feat: dependabot workflow automation for updating dependency 

Signed-off-by: Pratik Raj <[email protected]>

* Bump github.com/fsnotify/fsnotify from 1.4.9 to 1.6.0 (jpillora#389)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* UDP buffer size override with CHISEL_UDP_MAX_SIZE environment variable (jpillora#367)

* Add locking around the connection count to fix a data race. (jpillora#342)

Co-authored-by: andres-portainer <[email protected]>

* fix: small typo error in main.go (jpillora#334)

* Respond to /health and /version by request path rather than by the whole url string (jpillora#328)

Co-authored-by: bar <[email protected]>

* Update version.go (jpillora#288)

* Providing chisel's client with a logger level (jpillora#281)

Co-authored-by: Barak Sharoni <[email protected]>
Co-authored-by: barak-sharoni-velocity <[email protected]>

* add EnvBool

* Fix jpillora#390: Use code to generate certificates for client & server (jpillora#400)

* docker alpine->google-distroless

* docker to use scratch

* Fix missing NetDialContext: c.config.DialContext (jpillora#398)

* actions: setup go v3

* switch to scratch image

* update dependabot

* move chisel to flyio

* update from upstream

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Pratik Raj <[email protected]>
Co-authored-by: ip-rw <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pratik Raj <[email protected]>
Co-authored-by: Jaime Pillora <[email protected]>
Co-authored-by: fsiegmund <[email protected]>
Co-authored-by: andres-portainer <[email protected]>
Co-authored-by: andres-portainer <[email protected]>
Co-authored-by: 0xflotus <[email protected]>
Co-authored-by: BigSully <[email protected]>
Co-authored-by: bar <[email protected]>
Co-authored-by: invist <[email protected]>
Co-authored-by: zuzgon <[email protected]>
Co-authored-by: Barak Sharoni <[email protected]>
Co-authored-by: barak-sharoni-velocity <[email protected]>
Co-authored-by: Jaime Pillora <[email protected]>
Co-authored-by: Guillaume SMAHA <[email protected]>

Author: 14 people

.github/dependabot.yml

@@ -4,4 +4,10 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
+
+# Dependencies listed in go.mod
+  - package-ecosystem: "gomod"
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "monthly"

.github/gocompare.sh

@@ -35,6 +35,7 @@ archives:
     files:
       - none*
 release:
+  draft: true
   prerelease: auto
 changelog:
   sort: asc

.github/goreleaser.yml

@@ -10,69 +10,69 @@ jobs:
     name: Test
     strategy:
       matrix:
-        go-version: [1.13.x, 1.14.x, 1.15.x]
+        go-version: [1.18.x, 1.19.x]
         platform: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.platform }}
     steps:
       - name: Install Go
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go-version }}
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Build
-        run: go build -v .
+        run: go build -v -o /dev/null .
       - name: Test
         run: go test -v ./...
-        env:
-          GODEBUG: x509ignoreCN=0
   # ================
-  # RELEASE JOB
+  # RELEASE JOBS
   #   runs after a success test
   #   only runs on push "v*" tag
   # ================
-  release:
-    name: Release
+  release_binaries:
+    name: Release Binaries
     needs: test
     if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: goreleaser
         if: success()
         uses: docker://goreleaser/goreleaser:latest
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           args: release --config .github/goreleaser.yml
+  release_docker:
+    name: Release Docker Images
+    needs: test
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v1
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: jpillora
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Docker meta
         id: docker_meta
-        uses: crazy-max/ghaction-docker-meta@v1
+        uses: docker/metadata-action@v4
         with:
           images: jpillora/chisel
-          tag-latest: true
-          # Outputs:
-          # jpillora/chisel:1.2.3
-          # jpillora/chisel:1.2
-          # jpillora/chisel:1
-          # jpillora/chisel:latest
-          tag-semver: |
-            {{version}}
-            {{major}}.{{minor}}
-            {{major}}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
       - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/386,linux/arm/v7,linux/arm/v6

.github/workflows/ci.yml

@@ -1,17 +1,16 @@
 # build stage
-FROM golang:alpine AS build-env
-LABEL maintainer="[email protected]"
-RUN apk update
-RUN apk add git
-ENV CGO_ENABLED 0
+FROM golang:alpine AS build
+RUN apk update && apk add git
 ADD . /src
 WORKDIR /src
+ENV CGO_ENABLED 0
 RUN go build \
     -ldflags "-X github.com/jpillora/chisel/share.BuildVersion=$(git describe --abbrev=0 --tags)" \
-    -o chisel
-# container stage
-FROM alpine
-RUN apk update && apk add --no-cache ca-certificates
+    -o /tmp/bin
+# run stage
+FROM scratch
+LABEL maintainer="[email protected]"
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 WORKDIR /app
-COPY --from=build-env /src/chisel /app/chisel
-ENTRYPOINT ["/app/chisel"]
+COPY --from=build /tmp/bin /app/bin
+ENTRYPOINT ["/app/bin"]

Dockerfile

@@ -167,7 +167,7 @@ $ chisel server --help
     and you cannot set --tls-domain.
 
     --tls-domain, Enables TLS and automatically acquires a TLS key and
-    certificate using LetsEncypt. Setting --tls-domain requires port 443.
+    certificate using LetsEncrypt. Setting --tls-domain requires port 443.
     You may specify multiple --tls-domain flags to serve multiple domains.
     The resulting files are cached in the "$HOME/.cache/chisel" directory.
     You can modify this path by setting the CHISEL_LE_CACHE variable,

README.md

@@ -42,6 +42,7 @@ type Config struct {
 	Headers          http.Header
 	TLS              TLSConfig
 	DialContext      func(ctx context.Context, network, addr string) (net.Conn, error)
+	Verbose          bool
 }
 
 //TLSConfig for a Client
@@ -50,6 +51,7 @@ type TLSConfig struct {
 	CA         string
 	Cert       string
 	Key        string
+	ServerName string
 }
 
 //Client represents a client instance
@@ -103,10 +105,13 @@ func NewClient(c *Config) (*Client, error) {
 		tlsConfig: nil,
 	}
 	//set default log level
-	client.Logger.Info = true
+	client.Logger.Info = c.Verbose
 	//configure tls
 	if u.Scheme == "wss" {
 		tc := &tls.Config{}
+		if c.TLS.ServerName != "" {
+			tc.ServerName = c.TLS.ServerName
+		}
 		//certificate verification config
 		if c.TLS.SkipVerify {
 			client.Infof("TLS verification disabled")

client/client.go

@@ -39,7 +39,7 @@ func (c *Client) connectionLoop(ctx context.Context) error {
 			if attempt > 0 {
 				maxAttemptVal := fmt.Sprint(maxAttempt)
 				if maxAttempt < 0 {
-					maxAttemptVal = "unlimited";
+					maxAttemptVal = "unlimited"
 				}
 				msg += fmt.Sprintf(" (Attempt: %d/%s)", attempt, maxAttemptVal)
 			}
@@ -64,7 +64,7 @@ func (c *Client) connectionLoop(ctx context.Context) error {
 	return nil
 }
 
-//connectionOnce connects to the chisel server and blocks
+// connectionOnce connects to the chisel server and blocks
 func (c *Client) connectionOnce(ctx context.Context) (connected bool, err error) {
 	//already closed?
 	select {
@@ -82,6 +82,7 @@ func (c *Client) connectionOnce(ctx context.Context) (connected bool, err error)
 		TLSClientConfig:  c.tlsConfig,
 		ReadBufferSize:   settings.EnvInt("WS_BUFF_SIZE", 0),
 		WriteBufferSize:  settings.EnvInt("WS_BUFF_SIZE", 0),
+		NetDialContext:   c.config.DialContext,
 	}
 	//optional proxy
 	if p := c.proxyURL; p != nil {

client/client_connect.go

@@ -0,0 +1,2 @@
+FROM jpillora/chisel
+ENTRYPOINT ["/app/bin", "server", "--port", "443", "--tls-domain", "chisel.jpillora.com"]

example/Flyfile

@@ -0,0 +1,13 @@
+app = "jp-chisel"
+kill_signal = "SIGINT"
+kill_timeout = 5
+processes = []
+
+[build]
+  dockerfile = "Flyfile"
+
+[[services]]
+  internal_port = 443
+  protocol = "tcp"
+  [[services.ports]]
+    port = "443"