Port Forwarder
Sam Silverberg edited this page Dec 20, 2021 · 5 revisions
The Port Forwarder functionality enables the SDFS proxy to redirect to multiple backend SDFS volumes. This allows a single externally open TCP port on an SDFS server, with multiple backend SDFS volumes behind it.
```sh
sdfsproxy -listen-port localhost:16442 -pf-config pfconfig.json -s
```
To enable this feature, the pf-config command line parameter must be populated with a config. Below is a sample config:
```json
{
  "forwarders": [
    {
      "address": "sdfs://localhost:6442"
    },
    {
      "address": "sdfs://localhost:6443"
    },
    {
      "address": "sdfs://localhost:6444"
    }
  ]
}
```
The syntax for the config is as follows:
| name | required | description |
|---|---|---|
| forwarders | | A list of backend volumes to forward traffic to |
Forward Instance Syntax
| name | default value | required | description |
|---|---|---|---|
| pwd | none | false | password for backend volume |
| user | none | false | user for backend volume |
| local-auth | none | false | password for local authentication |
| trust-all | false | false | will trust any server certs for the backend volume |
| mtls | false | false | will use mtls to connect to the backend volume |
| root-ca | none | required if mtls set to true | the local path to the root ca cert required for mutual tls |
| mtls-key | none | required if mtls set to true | the local path to the client key required for mutual tls |
| mtls-cert | none | required if mtls set to true | the local path to the client cert required for mutual tls |
| dedupe | false | false | if set to true, enables deduplication within the proxy for forwarded connections |
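As an added example (not part of the SDFS project's code), the Go sketch below lints a pf-config file against the forwarder table above: it flags `trust-all`, an `mtls` forwarder missing any of its three required paths, and a `pwd` kept in the file. It assumes boolean options are written as JSON booleans; `lintPFConfig`, the `forwarder` type and the sample config are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Forwarder keys from the table above. Assumption: booleans are JSON booleans.
type forwarder struct {
	Address  string `json:"address"`
	Pwd      string `json:"pwd"`
	TrustAll bool   `json:"trust-all"`
	MTLS     bool   `json:"mtls"`
	RootCA   string `json:"root-ca"`
	MTLSKey  string `json:"mtls-key"`
	MTLSCert string `json:"mtls-cert"`
}

// Constructed sample: the first forwarder is clean, the second is not.
const sample = `{"forwarders": [{"address": "sdfs://localhost:6442"},
  {"address": "sdfs://localhost:6443", "trust-all": true, "mtls": true, "root-ca": "ca.crt"}]}`

// lintPFConfig (hypothetical helper) returns one finding per risky or
// incomplete forwarder setting, in config order.
func lintPFConfig(raw []byte) (out []string, err error) {
	var cfg struct{ Forwarders []forwarder `json:"forwarders"` }
	if err = json.Unmarshal(raw, &cfg); err != nil {
		return nil, err
	}
	for i, f := range cfg.Forwarders {
		id := fmt.Sprintf("forwarders[%d] (%s): ", i, f.Address)
		if f.TrustAll {
			out = append(out, id+"trust-all accepts any backend server cert")
		}
		for _, kv := range [][2]string{{"root-ca", f.RootCA}, {"mtls-key", f.MTLSKey}, {"mtls-cert", f.MTLSCert}} {
			if f.MTLS && kv[1] == "" {
				out = append(out, id+"mtls is true but "+kv[0]+" is missing")
			}
		}
		if f.Pwd != "" {
			out = append(out, id+"pwd is set in the config file; restrict read access to it")
		}
	}
	return out, nil
}

func main() {
	findings, err := lintPFConfig([]byte(sample))
	fmt.Printf("%q %v\n", findings, err)
}
```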
To enable mtls termination on the proxy server the following command line switches must be set:
| name | description |
|---|---|
| server-mtls | Use mTLS for the listening port. This will use the certs located in $HOME/.sdfs/keys/[ca.crt,server.key,server.crt] unless otherwise specified |
| server-root-ca | The path to the CA cert used to sign the mTLS cert. This defaults to $HOME/.sdfs/keys/ca.crt |
| server-mtls-key | The path to the private key used for mutual TLS. This defaults to $HOME/.sdfs/keys/server.key |
| server-mtls-cert | The path to the server cert used for mutual TLS. This defaults to $HOME/.sdfs/keys/server.crt |
```sh
sdfsproxy -listen-port localhost:16442 -pf-config pfconfig.json -s -server-mtls -server-mtls-cert out/tls_key.crt -server-mtls-key out/tls_key.key -server-root-ca out/signer_key.crt
```
Todo:
- Add ability to dynamically create and remove volumes
- Test windows version