Use spiped to secure data out of heroku
Showing 15 changed files with 208 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
git://github.com/kr/heroku-buildpack-inline | ||
git://github.com/heroku/heroku-buildpack-ruby |
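Review bot: both buildpack URLs use the unauthenticated, unencrypted `git://` transport and name no ref, so whatever the remote default branch serves at build time is executed during the build. Switch to `https://github.com/...` URLs and, where the multi buildpack supports it, pin each entry to a fixed ref so the build is reproducible and reviewable.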
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
SPIPED_CLIENT_SOURCE_SOCKET=/tmp/spiped.sock | ||
SPIPED_CLIENT_TARGET_SOCKET=127.0.0.1:7001 | ||
SPIPED_SERVER_SOURCE_SOCKET=0.0.0.0:7001 | ||
SPIPED_SERVER_TARGET_SOCKET=127.0.0.1:7002 | ||
ZMQ_BIND_URI=tcp://0.0.0.0:7002 | ||
ZMQ_CONNECT_URI=tcp://127.0.0.1:7002 |
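Review bot: `ZMQ_BIND_URI=tcp://0.0.0.0:7002` puts the plaintext ZMQ listener on every interface, so anyone who can reach port 7002 bypasses spiped entirely. `SPIPED_SERVER_TARGET_SOCKET` already points at `127.0.0.1:7002`, so bind to `tcp://127.0.0.1:7002` and leave only the spiped port (7001) reachable from outside.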
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
source "https://rubygems.org" | ||
|
||
gem "rack" | ||
gem "ffi-rzmq" | ||
gem "puma" | ||
gem "sinatra" | ||
|
||
group :development do | ||
gem "foreman" | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
GEM | ||
remote: https://rubygems.org/ | ||
specs: | ||
ffi (1.0.11) | ||
ffi-rzmq (0.9.3) | ||
ffi | ||
foreman (0.47.0) | ||
thor (>= 0.13.6) | ||
puma (1.4.0) | ||
rack (~> 1.2) | ||
rack (1.4.1) | ||
rack-protection (1.2.0) | ||
rack | ||
sinatra (1.3.2) | ||
rack (~> 1.3, >= 1.3.6) | ||
rack-protection (~> 1.2) | ||
tilt (~> 1.3, >= 1.3.3) | ||
thor (0.15.2) | ||
tilt (1.3.3) | ||
|
||
PLATFORMS | ||
ruby | ||
|
||
DEPENDENCIES | ||
ffi-rzmq | ||
foreman | ||
puma | ||
rack | ||
sinatra |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
web: puma -p $PORT -q -t 0:256 | ||
spipedc: ./start-spiped-client | ||
spipeds: ./start-spiped-server | ||
server: ruby server.rb |
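Review bot: the `spipedc: ./start-spiped-client` entry duplicates the client that the web app already launches itself with `Process.spawn("./start-spiped-client >&2")`, so under `foreman start` two copies run, each doing `rm -f` on the same socket path before binding it, and whichever starts second unlinks the other's listener. Keep only one launch path, or give the standalone process its own socket path.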
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
# heroku-spiped | ||
|
||
## Dependencies | ||
|
||
install spiped from http://www.tarsnap.com/spiped.html | ||
For mac, you need to remove the `-lrt` from the `Makefile` | ||
|
||
## You can run this locally | ||
|
||
cp .env.example .env | ||
bundle | ||
bundle exec foreman start | ||
|
||
visit http://localhost:5000/raw to see raw ZMQ | ||
visit http://localhost:5000/spiped to see spiped ZMQ | ||
|
||
## Now run it on heroku | ||
|
||
choose a place to run your spiped decrypter/server or tunnel it via SSH/VPN | ||
|
||
scp key ip.of.your.server:/tmp/spiped.key | ||
spiped -d -F -s 0.0.0.0:7001 -t 127.0.0.1:7002 -k /tmp/spiped.key | ||
|
||
heroku create --buildpack https://github.com/ddollar/heroku-buildpack-multi --stack cedar spiped-for-me | ||
|
||
heroku config:add \ | ||
LD_LIBRARY_PATH=sw/usr/lib \ | ||
PATH=sw/usr/bin:bin:vendor/bundle/ruby/1.9.1/bin:/usr/local/bin:/usr/bin:/bin \ | ||
SPIPED_CLIENT_SOURCE_SOCKET=/tmp/spiped.sock \ | ||
SPIPED_CLIENT_TARGET_SOCKET=ip.of.your.server:7001 \ | ||
ZMQ_CONNECT_URI=tcp://ip.of.your.server:7002 | ||
|
||
heroku ps:scale web=1 | ||
|
||
heroku logs --tail | ||
|
||
Now you can visit http://spiped-for-me.herokuapp.com/spiped |
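Review bot: the Heroku section copies the key to `/tmp/spiped.key`, a world-accessible directory, and never tells the reader to generate a fresh key or restrict its mode, which leaves the key shipped in the repository as the default. Add a step that creates a per-deployment key (spiped's documentation uses `dd if=/dev/urandom bs=32 count=1 of=key`), store it outside `/tmp` with mode 0600, and state that `ZMQ_CONNECT_URI=tcp://ip.of.your.server:7002` makes the `/raw` route send cleartext to the server.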
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
#!/usr/bin/env bash | ||
# bin/compile <build-dir> <cache-dir> | ||
|
||
set -e | ||
set -o pipefail | ||
|
||
function indent() { | ||
c='s/^/ /' | ||
case $(uname) in | ||
Darwin) sed -l "$c";; | ||
*) sed -u "$c";; | ||
esac | ||
} | ||
|
||
BUILD_DIR=$1 | ||
CACHE_DIR=$2 | ||
|
||
export UBUNTU_URL=http://us.archive.ubuntu.com/ubuntu/pool | ||
|
||
install () { | ||
DEB_URL=$1 | ||
DIR=$(mktemp -d) | ||
curl -f $DEB_URL > $DIR/deb | ||
dpkg-deb -x $DIR/deb $BUILD_DIR/sw | ||
} | ||
|
||
mkdir $BUILD_DIR/sw | ||
|
||
install $UBUNTU_URL/main/l/lsof/lsof_4.81.dfsg.1-1build1_amd64.deb | ||
install http://ppa.launchpad.net/chris-lea/libpgm/ubuntu/pool/main/libp/libpgm/libpgm-5.1-0_5.1.116-1chl1~lucid1_amd64.deb | ||
install http://ppa.launchpad.net/chris-lea/zeromq/ubuntu/pool/main/z/zeromq/libzmq1_2.1.11-1chl1~lucid1_amd64.deb | ||
install http://ppa.launchpad.net/chris-lea/zeromq/ubuntu/pool/main/z/zeromq/libzmq-dev_2.1.11-1chl1~lucid1_amd64.deb | ||
|
||
export LDFLAGS="-L$BUILD_DIR/sw/lib -L$BUILD_DIR/sw/usr/lib" | ||
export CPPFLAGS="-I$BUILD_DIR/sw/usr/include" | ||
export PATH="$GEM_HOME/bin:$BUILD_DIR/sw/bin:$BUILD_DIR/sw/usr/bin:$PATH" | ||
|
||
SPIPED_DIR=$(mktemp -d) | ||
curl http://www.tarsnap.com/spiped/spiped-1.1.0.tgz |tar zxf - -C $SPIPED_DIR | ||
cd $SPIPED_DIR/spiped-1.1.0 | ||
make | ||
cp spiped $BUILD_DIR/sw/usr/bin/ |
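Review bot: every download in `install` and the spiped tarball fetch goes over plain `http://` with no checksum or signature check, and the tarball `curl` also lacks `-f`, so a tampered or error response is piped straight into `tar` and `make`. Download each artifact to a file, compare its SHA-256 against a value pinned in this script, and only then extract or build; quoting `$DEB_URL`, `$DIR` and `$BUILD_DIR` would also keep paths with spaces from splitting.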
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#!/usr/bin/env bash | ||
# bin/detect <build-dir> | ||
set -e | ||
|
||
echo spiped |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
#!/usr/bin/env bash | ||
|
||
echo "--- {}" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
require 'ffi-rzmq' | ||
|
||
p context = ZMQ::Context.new | ||
p socket = context.socket(ZMQ::PUSH) | ||
p socket.connect(ENV.fetch("ZMQ_CONNECT_URI")) | ||
p socket.send_strings(["hello", *ARGV]) |
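Review bot: the return codes of `socket.connect` and `socket.send_strings` are only printed with `p`, never checked, so a failed connect or send still exits 0 and the calling route reports success. ffi-rzmq signals errors through return codes; test each one with `ZMQ::Util.resultcode_ok?(rc)` and exit non-zero on failure.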
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
Thread.abort_on_exception = true | ||
|
||
require 'sinatra/base' | ||
|
||
class App < Sinatra::Base | ||
before do | ||
content_type :text | ||
end | ||
|
||
get '/' do | ||
"Hello world" | ||
end | ||
|
||
get '/lsof' do | ||
`lsof -nP` | ||
end | ||
|
||
get '/raw' do | ||
p system("ruby client.rb raw") | ||
"via raw" | ||
end | ||
|
||
get '/spiped' do | ||
p system("env ZMQ_CONNECT_URI=ipc://#{ENV.fetch("SPIPED_CLIENT_SOURCE_SOCKET")} ruby client.rb spiped") | ||
"via spiped" | ||
end | ||
|
||
get '/thread' do | ||
"thread: #{$thread.inspect}" | ||
end | ||
end | ||
|
||
$thread = Thread.new do | ||
pid = Process.spawn("./start-spiped-client >&2") | ||
$stderr.puts "spiped started on pid #{pid.inspect}" | ||
p system("lsof -nPp #{pid} >&2") | ||
_, status = Process.wait2(pid) | ||
$stderr.puts "spiped exited with #{status.inspect}" | ||
exit(1) | ||
end | ||
|
||
run App |
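Review bot: `get '/lsof'` returns the output of `lsof -nP` to any unauthenticated visitor, which discloses the process's open files, sockets and peer addresses, including the spiped target; remove the route or put it behind authentication before deploying. In `get '/spiped'`, prefer the argument-list form of `system` with an environment hash (`system({"ZMQ_CONNECT_URI" => uri}, "ruby", "client.rb", "spiped")`) over interpolating an environment value into a shell string.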
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Z��Hb�8�H��@�ʕe����c���\�#�� |
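Review bot: this one-line binary file looks like the shared secret that the start scripts load with `-k key`; if so, committing it lets anyone with read access to the repository or a fork authenticate as either end of the tunnel. Remove it from history, add `key` to `.gitignore`, treat this value as compromised, and provision a fresh key out of band.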
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
#!/usr/bin/env ruby | ||
|
||
require 'ffi-rzmq' | ||
|
||
p context = ZMQ::Context.new | ||
p socket = context.socket(ZMQ::PULL) | ||
p socket.bind(ENV.fetch("ZMQ_BIND_URI")) | ||
loop do | ||
s = [] | ||
p socket.recv_strings(s) | ||
puts "strings: #{s.inspect}" | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -x | ||
rm -f $SPIPED_CLIENT_SOURCE_SOCKET | ||
spiped -e -F -s $SPIPED_CLIENT_SOURCE_SOCKET -t $SPIPED_CLIENT_TARGET_SOCKET -k key |
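Review bot: `rm -f $SPIPED_CLIENT_SOURCE_SOCKET` and the `spiped` arguments are unquoted and unchecked, so an unset or space-containing value silently changes what is removed and what spiped is asked to bind. Fail fast with `: "${SPIPED_CLIENT_SOURCE_SOCKET:?}"`, quote each expansion, and use `exec spiped ...` so signals sent to this script's pid reach spiped itself.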
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -x | ||
spiped -d -F -s $SPIPED_SERVER_SOURCE_SOCKET -t $SPIPED_SERVER_TARGET_SOCKET -k key |