Use spiped to secure data out of heroku
halorgium committed Jun 14, 2012
1 parent cba1323 commit a798481
Showing 15 changed files with 208 additions and 0 deletions.
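--- a/.buildpacks
+++ b/.buildpacks
@@ -0,0 +1,2 @@
+git://github.com/kr/heroku-buildpack-inline
+git://github.com/heroku/heroku-buildpack-ruby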
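Review bot: Both buildpack URLs use the `git://` scheme, which has no transport authentication or integrity protection, and neither is pinned to a revision, so whatever the network path or the upstream default branch serves runs as build-time code. Prefer the HTTPS form, e.g. `https://github.com/heroku/heroku-buildpack-ruby`. If the multi-buildpack in use accepts a `#<ref>` suffix, pin each entry to a reviewed commit as well.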
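--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,6 @@
+SPIPED_CLIENT_SOURCE_SOCKET=/tmp/spiped.sock
+SPIPED_CLIENT_TARGET_SOCKET=127.0.0.1:7001
+SPIPED_SERVER_SOURCE_SOCKET=0.0.0.0:7001
+SPIPED_SERVER_TARGET_SOCKET=127.0.0.1:7002
+ZMQ_BIND_URI=tcp://0.0.0.0:7002
+ZMQ_CONNECT_URI=tcp://127.0.0.1:7002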
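Review bot: `ZMQ_BIND_URI=tcp://0.0.0.0:7002` puts the plaintext ZeroMQ listener on every interface, so the port that spiped is meant to front is reachable directly, with no encryption or authentication. The spiped server target and the local `ZMQ_CONNECT_URI` already use `127.0.0.1:7002`, so the example can bind the same way: `ZMQ_BIND_URI=tcp://127.0.0.1:7002`. Only the spiped listener on 7001 needs to accept remote connections.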
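--- a/Gemfile
+++ b/Gemfile
@@ -0,0 +1,10 @@
+source "https://rubygems.org"
+
+gem "rack"
+gem "ffi-rzmq"
+gem "puma"
+gem "sinatra"
+
+group :development do
+gem "foreman"
+end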
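--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -0,0 +1,29 @@
+GEM
+remote: https://rubygems.org/
+specs:
+ffi (1.0.11)
+ffi-rzmq (0.9.3)
+ffi
+foreman (0.47.0)
+thor (>= 0.13.6)
+puma (1.4.0)
+rack (~> 1.2)
+rack (1.4.1)
+rack-protection (1.2.0)
+rack
+sinatra (1.3.2)
+rack (~> 1.3, >= 1.3.6)
+rack-protection (~> 1.2)
+tilt (~> 1.3, >= 1.3.3)
+thor (0.15.2)
+tilt (1.3.3)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+ffi-rzmq
+foreman
+puma
+rack
+sinatra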
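--- a/Procfile
+++ b/Procfile
@@ -0,0 +1,4 @@
+web: puma -p $PORT -q -t 0:256
+spipedc: ./start-spiped-client
+spipeds: ./start-spiped-server
+server: ruby server.rb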
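--- a/README.md
+++ b/README.md
@@ -0,0 +1,37 @@
+# heroku-spiped
+
+## Dependencies
+
+install spiped from http://www.tarsnap.com/spiped.html
+For mac, you need to remove the `-lrt` from the `Makefile`
+
+## You can run this locally
+
+cp .env.example .env
+bundle
+bundle exec foreman start
+
+visit http://localhost:5000/raw to see raw ZMQ
+visit http://localhost:5000/spiped to see spiped ZMQ
+
+## Now run it on heroku
+
+choose a place to run your spiped decrypter/server or tunnel it via SSH/VPN
+
+scp key ip.of.your.server:/tmp/spiped.key
+spiped -d -F -s 0.0.0.0:7001 -t 127.0.0.1:7002 -k /tmp/spiped.key
+
+heroku create --buildpack https://github.com/ddollar/heroku-buildpack-multi --stack cedar spiped-for-me
+
+heroku config:add \
+LD_LIBRARY_PATH=sw/usr/lib \
+PATH=sw/usr/bin:bin:vendor/bundle/ruby/1.9.1/bin:/usr/local/bin:/usr/bin:/bin \
+SPIPED_CLIENT_SOURCE_SOCKET=/tmp/spiped.sock \
+SPIPED_CLIENT_TARGET_SOCKET=ip.of.your.server:7001 \
+ZMQ_CONNECT_URI=tcp://ip.of.your.server:7002
+
+heroku ps:scale web=1
+
+heroku logs --tail
+
+Now you can visit http://spiped-for-me.herokuapp.com/spiped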
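--- a/bin/compile
+++ b/bin/compile
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+# bin/compile <build-dir> <cache-dir>
+
+set -e
+set -o pipefail
+
+function indent() {
+c='s/^/ /'
+case $(uname) in
+Darwin) sed -l "$c";;
+*) sed -u "$c";;
+esac
+}
+
+BUILD_DIR=$1
+CACHE_DIR=$2
+
+export UBUNTU_URL=http://us.archive.ubuntu.com/ubuntu/pool
+
+install () {
+DEB_URL=$1
+DIR=$(mktemp -d)
+curl -f $DEB_URL > $DIR/deb
+dpkg-deb -x $DIR/deb $BUILD_DIR/sw
+}
+
+mkdir $BUILD_DIR/sw
+
+install $UBUNTU_URL/main/l/lsof/lsof_4.81.dfsg.1-1build1_amd64.deb
+install http://ppa.launchpad.net/chris-lea/libpgm/ubuntu/pool/main/libp/libpgm/libpgm-5.1-0_5.1.116-1chl1~lucid1_amd64.deb
+install http://ppa.launchpad.net/chris-lea/zeromq/ubuntu/pool/main/z/zeromq/libzmq1_2.1.11-1chl1~lucid1_amd64.deb
+install http://ppa.launchpad.net/chris-lea/zeromq/ubuntu/pool/main/z/zeromq/libzmq-dev_2.1.11-1chl1~lucid1_amd64.deb
+
+export LDFLAGS="-L$BUILD_DIR/sw/lib -L$BUILD_DIR/sw/usr/lib"
+export CPPFLAGS="-I$BUILD_DIR/sw/usr/include"
+export PATH="$GEM_HOME/bin:$BUILD_DIR/sw/bin:$BUILD_DIR/sw/usr/bin:$PATH"
+
+SPIPED_DIR=$(mktemp -d)
+curl http://www.tarsnap.com/spiped/spiped-1.1.0.tgz |tar zxf - -C $SPIPED_DIR
+cd $SPIPED_DIR/spiped-1.1.0
+make
+cp spiped $BUILD_DIR/sw/usr/bin/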
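Review bot: The spiped source at the end of the script is fetched over plain `http://`, piped straight into `tar` and then built with `make`, with no checksum or signature check, so anything able to alter the response gets code execution in the build and a modified spiped binary in the slug. That `curl` also lacks `-f`, so an HTTP error page is handed to `tar` as if it were the archive. Download to a file over HTTPS, compare it against a pinned SHA-256, and only then extract, as sketched below. The `install` helper has the same gap for the four `.deb` files, which come from HTTP mirrors and PPAs with no hash check, and would benefit from a per-package expected digest. Quoting `$DEB_URL`, `$DIR` and `$BUILD_DIR` is also worth doing.

```shell
# placeholder digest: take the real value from the publisher's signed hash list
SPIPED_TGZ_SHA256="<expected-sha256-of-spiped-1.1.0.tgz>"
SPIPED_DIR=$(mktemp -d)
curl -fsS -o "$SPIPED_DIR/spiped.tgz" https://www.tarsnap.com/spiped/spiped-1.1.0.tgz
echo "$SPIPED_TGZ_SHA256  $SPIPED_DIR/spiped.tgz" | sha256sum -c -
tar zxf "$SPIPED_DIR/spiped.tgz" -C "$SPIPED_DIR"
# … unchanged: cd into spiped-1.1.0, make, cp spiped …
```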
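--- a/bin/detect
+++ b/bin/detect
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+# bin/detect <build-dir>
+set -e
+
+echo spiped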
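--- a/bin/release
+++ b/bin/release
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+echo "--- {}"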
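--- a/client.rb
+++ b/client.rb
@@ -0,0 +1,6 @@
+require 'ffi-rzmq'
+
+p context = ZMQ::Context.new
+p socket = context.socket(ZMQ::PUSH)
+p socket.connect(ENV.fetch("ZMQ_CONNECT_URI"))
+p socket.send_strings(["hello", *ARGV])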
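--- a/config.ru
+++ b/config.ru
@@ -0,0 +1,42 @@
+Thread.abort_on_exception = true
+
+require 'sinatra/base'
+
+class App < Sinatra::Base
+before do
+content_type :text
+end
+
+get '/' do
+"Hello world"
+end
+
+get '/lsof' do
+`lsof -nP`
+end
+
+get '/raw' do
+p system("ruby client.rb raw")
+"via raw"
+end
+
+get '/spiped' do
+p system("env ZMQ_CONNECT_URI=ipc://#{ENV.fetch("SPIPED_CLIENT_SOURCE_SOCKET")} ruby client.rb spiped")
+"via spiped"
+end
+
+get '/thread' do
+"thread: #{$thread.inspect}"
+end
+end
+
+$thread = Thread.new do
+pid = Process.spawn("./start-spiped-client >&2")
+$stderr.puts "spiped started on pid #{pid.inspect}"
+p system("lsof -nPp #{pid} >&2")
+_, status = Process.wait2(pid)
+$stderr.puts "spiped exited with #{status.inspect}"
+exit(1)
+end
+
+run App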
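Review bot: The `/lsof` route returns the output of `lsof -nP` to any unauthenticated visitor, which discloses the process's open files, sockets and peer addresses (including the spiped target); `/thread` likewise exposes internal state. If these are debugging aids, gate them behind an environment flag or authentication, or leave them out of the deployed app. Separately, the `/spiped` route builds a shell command string from `ENV`. The argument-list form avoids the shell altogether: `system({"ZMQ_CONNECT_URI" => "ipc://#{ENV.fetch("SPIPED_CLIENT_SOURCE_SOCKET")}"}, "ruby", "client.rb", "spiped")`.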
1 change: 1 addition & 0 deletions key
@@ -0,0 +1 @@
Z��Hb�8�H��@�ʕe����c���\�#��
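Review bot: The spiped pre-shared key is committed to the repository, so everyone who can read this history holds the secret that both encrypts and authenticates the tunnel. Treat this key as compromised, because removing the file in a later commit does not remove it from history. Generate a fresh key, keep it out of version control (add `key` to `.gitignore`), and deliver it at deploy time, for example base64-encoded in a config variable and decoded to a file at startup. Both start scripts pass `-k key`, so they would need to point at the new location.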
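--- a/server.rb
+++ b/server.rb
@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+require 'ffi-rzmq'
+
+p context = ZMQ::Context.new
+p socket = context.socket(ZMQ::PULL)
+p socket.bind(ENV.fetch("ZMQ_BIND_URI"))
+loop do
+s = []
+p socket.recv_strings(s)
+puts "strings: #{s.inspect}"
+end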
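--- a/start-spiped-client
+++ b/start-spiped-client
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -x
+rm -f $SPIPED_CLIENT_SOURCE_SOCKET
+spiped -e -F -s $SPIPED_CLIENT_SOURCE_SOCKET -t $SPIPED_CLIENT_TARGET_SOCKET -k key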
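Review bot: `rm -f $SPIPED_CLIENT_SOURCE_SOCKET` and the `spiped` arguments expand unquoted, unchecked variables, so an unset or whitespace-containing value silently changes what is removed or how spiped is invoked. Quote the expansions and fail fast when a variable is missing, e.g. `rm -f "${SPIPED_CLIENT_SOURCE_SOCKET:?}"`, and add `set -eu` alongside `set -x`. The same applies to the two variables in `start-spiped-server`.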
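--- a/start-spiped-server
+++ b/start-spiped-server
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+set -x
+spiped -d -F -s $SPIPED_SERVER_SOURCE_SOCKET -t $SPIPED_SERVER_TARGET_SOCKET -k key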
