Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firewall/NGINX configuration on the server #12

Closed
breezykermo opened this issue Apr 11, 2022 · 4 comments
Closed

Firewall/NGINX configuration on the server #12

breezykermo opened this issue Apr 11, 2022 · 4 comments

Comments

@breezykermo
Copy link

breezykermo commented Apr 11, 2022
edited
Loading

Thanks so much for this wonderful tool, and for the excellent example of a simple and useful Rust codebase.

I'm not totally familiar with how tunnels work, and so it may be that this is an easy question to answer: but how does one set this up when using a firewall (UFW) and NGINX on the server-side? Do I need to expose just the control port in the NGINX configuration, or will there be issues when attempting to open a new tunnel?

Thanks again for the excellent software!
@breezykermo breezykermo changed the title Nginx configuration on the server Firewall/NGINX configuration on the server Apr 11, 2022
@ekzhang
Copy link
Owner

ekzhang commented Apr 11, 2022

Hey Lachlan, bore assigns arbitrary ports in the range specified, from the configured min_port number (default 1024) to 65535. You would need to set your firewall to allow incoming TCP connections on those ports. You also need to enable the control port, which currently is fixed at 7835 and non-configurable.

bore is a standalone network service at the transport layer and doesn't conflict with or otherwise interact with nginx. You can run nginx and bore at the same computer together. For example, the public server instance at bore.pub has a quick nginx configuration set up that handles the 308 Permanent Redirect / -> https://github.com/ekzhang/bore response.

@breezykermo
Copy link
Author

breezykermo commented Apr 11, 2022
edited
Loading

Apologies if this is not the appropriate place to ask for this configuration (feel free to close if this is not support you are interested in providing!); but I am still having trouble.

The following is my UFW status on a remote machine, and the server running on a process:
Screen Shot 2022-04-11 at 6 15 25 PM
Screen Shot 2022-04-11 at 6 15 39 PM

When I try to connect from a local terminal, I get the following:
Screen Shot 2022-04-11 at 6 19 30 PM

Have I set this up incorrectly?

@ekzhang
Copy link
Owner

ekzhang commented Apr 12, 2022

Hi Lachlan, I'm not an expert on UFW but a quick Google search shows that the syntax for allowing a port range is 1024:65535, not 1024,65535 as you've shown in your screenshot. Could you try allowing the full range of ports used by bore?

@breezykermo
Copy link
Author

Wow, that was indeed it. Thank you for bearing with me, being network-illiterate! For those who have the same issue, the solution was to run this command on the server: sudo ufw allow proto tcp from any to any port 1024:65535

@orhun orhun mentioned this issue Jul 22, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ekzhang @breezykermo