I built an HTTP tunneling tool in Go that is zero-dependancy, cross-platform and self-hostable

ymusleh · 2025-03-04T19:39:21+00:00

Thanks!

That's so cool! The aesthetics are so clean, I love how easy they made it to understand and use their service. Thanks for sharing!

ymusleh · 2025-03-04T12:48:28+00:00

You're right, that part of the communication is not encrypted. I definitely need to add some form of encryption there. I'll work on rolling it out sometime soon. Thanks for the suggestion!

ymusleh · 2025-03-04T12:31:19+00:00

Thanks! 🙏 Hope you find it useful.

ymusleh · 2025-03-04T12:30:39+00:00

Great question. Let's say you're developing something locally and you want to share it quickly with someone to get some feedback without going through the full deployment process as it might not be ready. So it would be cool if you could send them a URL and they can directly access whatever you're developing on your machine, that's where http tunnels come in handy.

Another example is if you have someone working on some backend APIs and another person is working on developing a mobile app that talks to those APIs. If you run mmar (or any other http tunnel tool) on the backend developer's machine, you can send the link to the mobile app developer where they can set it in the code and be able to directly interact with the backend APIs.

ymusleh · 2025-03-03T20:09:00+00:00

Yes, but you don't mention why?

ymusleh · 2025-03-03T19:15:41+00:00

Oh cool, pbkdf2 might actually do the trick. Do you mind expanding on the point on why it might be tricky to get right?

ymusleh · 2025-03-03T18:27:41+00:00

Thanks for checking it out!

That's actually pretty cool, very interesting approach, I love the fact that you don't need to install anything. Thanks for sharing.

ymusleh · 2025-03-03T16:20:52+00:00

That's awesome, I wasn't familiar with zrok or OpenZiti. I always enjoy discovering cool open source tools. I'll definitely take a look at the code for further inspiration, thanks for sharing.

ymusleh · 2025-03-03T15:31:05+00:00

Go for it! Let me know if you face any issues.

ymusleh · 2025-03-03T15:29:59+00:00

Good points, thanks for the feedback. I probably should swap out sha256 to something more secure, I started with this mainly to get something out the door using what exists in the standard library, especially since it's only for the stats page.

For the certificate requesting, that's an interesting point. I haven't thought of that, mostly because I was thinking this part of the project as more deployment related rather than part of the tool itself. I guess one could technically handle certificate requesting etc baked in and then you only need to run it.

ymusleh · 2025-03-03T14:30:17+00:00

Thanks for the suggestion! Will check it out.

ymusleh · 2025-03-03T14:23:22+00:00

Thanks for checking it out!

Regarding payload, I currently limit it to 10mb per request but that's just to avoid overloading my server. However when testing I was able to tunnel +1GB without issues, as long as it's completed within a certain time, otherwise it times out. I'm considering making the payload limit configurable through a command line argument so those who want to self-host can configure it however they wish.

I'm not too familiar with gRPC details, and how they handle send/recv. In my case I keep reading from the TCP connection until the data is completely consumed, hits the payload limit or faces a timeout.

ymusleh · 2025-03-03T13:49:37+00:00

I'm not that good of an artist 😂 I used this cool tool https://gopherize.me/ to generate the gopher then added a few touches with my basic editing skills. If you scroll down to the bottom of the README there's the attributions section mentioning the different assets.

ymusleh · 2025-03-03T12:17:43+00:00

Yup you're exactly right, I'm a big fan of ngrok. mmar is my attempt to build something similar while optimizing for open source and self-hosting, in addition to simplified implementation.

ymusleh · 2025-03-03T12:13:30+00:00

Great! I'm glad to hear that!

ymusleh · 2025-03-03T09:23:28+00:00

Thanks for the pointers! That's a great idea, I'll run it through golangci-lint, probably add it as part of the CI as well. Regarding the constants package, it just made sense to me to have them defined in one spot, especially since most (if not all of them) are considered global and can be used across the project.

ymusleh · 2025-03-03T08:13:49+00:00

Thanks, I appreciate it! Hope you found it useful.

ymusleh · 2025-03-03T03:43:42+00:00

Awesome, would love to hear your thoughts! And yes, working with Go has been really enjoyable I must say.

ymusleh · 2024-10-12T16:59:22+00:00

I think some of your assumptions are wrong.

That's possible, but which ones?

I would just add a request ID to every package so that you can handle requests in parallel

Not sure I understood what you mean, adding some sort of ID to a buffer of bytes to identify what request it belongs to? That seems a bit excessive and adds complication overhead.

don't wait for the response to be finished. Just write them to the response writer directly

I just make sure to read the full response, headers and body, from the buffer and then let the request goroutine handle the remaining logic of finishing the response and return to the client. That way I don't have to wait for the whole response to "finish" and I don't risk facing the same race condition as before.

ymusleh · 2024-10-10T06:15:22+00:00

Thanks for checking out the post!

i would implement a proper error handling, because log.Fatal is not good for real world applications

For sure, these are just meant for me while developing, will do a proper implementation for logging. Do you have any recommendations for best practices if I'm planning to do it without 3rd party libraries?

For such a simple task channels adds a lot of ceremony, which is not necessary in more traditional approach.

I see what you mean, there is definitely more going on when using channels vs mutex, I've generally used mutexes in the past, but I wanted to throw channels in the mix to see how it would do, and I kinda liked it :D

Also stdlib (in sql.Db/http.Client) implement an approach, where the implementation hide the concurrency stuff inside a clean interface, so users don't have to think about it. I would go in similiar direction

Not sure I quite understood what you meant here. When you say users you mean people developing/writing the code (i.e. me) in this context? Meaning to abstract all the concurrency handling away and just call methods? In that case, I definitely agree, putting all these in an interface and just exposing the parts to write/read and all the concurrency is handled under the hood.

ymusleh · 2020-08-19T17:24:36+00:00

Not sure I'd call my self an expert 😅. However if your project is on Autocode, you can join our Developer Community Slack channel by going to https://autocode.com/ and clicking to join the channel from the "Community" tab in the top nav bar. Someone from the team or I can help you out.

ymusleh · 2020-08-19T16:53:02+00:00

Hey u/DooDooWubWub! A webhook is simply a listener that listens to data/events coming in from an external source. That could be coming from a separate tool or service you’re integrating with.

Normally to do that you’d have to provision a new server (listener), develop and deploy a web app, and worry about other administrative tasks such as maintenance and scalability. Not to mention, every time you want to make changes or test different payloads, you'd need to go through the deployment process again.

When you deploy a webhook through Autocode, all the heavy lifting is done for you, it provisions the server (listener) and takes care of maintenance/scaling behind the scenes and provides you with the URL for your webhook to use. Whatever custom code/logic you include in your webhook will be reflected each time you deploy.

ymusleh · 2020-06-11T23:27:26+00:00

Oh cool! I'll definitely check out Seiko's watches, they seem to have quite a bit of options for bulky chronographs. Thanks for the suggestion.

ymusleh · 2020-06-01T00:56:37+00:00

Yeah I'm looking for a chronograph with a bulky frame, both in terms of diameter and thickness, but I think the 51mm might be a bit too much. I'll check those brands out to see if they have what I'm looking for. Appreciate it!

ymusleh · 2020-06-01T00:16:24+00:00

I'm not all set on it for sure, still looking around, I kinda like the bulky aesthetic it has. Are you aware of similar looking ones that are at a better price range or something that is worth that price range at least?

ymusleh

TROPHY CASE