erikmagkekse/ziti-edge-proxy

By erikmagkekse

Updated 7 months ago

Zitify your pipelines! A simple container with a SOCKS5 & HTTP Proxy that tunnels trough OpenZiti.

Helm
Image
Networking
Internet of things
Developer tools
0

1.4K

erikmagkekse/ziti-edge-proxy repository overview

What is ziti-edge-proxy?

This project uses OpenZiti to provides a SOCKS5 & HTTP Proxy with simple authentication that tunnels intercepted traffic through OpenZiti. The goal for this project was to make it fully functional in UserSpace, so that it can also be used in pipelines without privileges, for example in GitOps processes.

Who is it for?

It’s for anyone who needs a simple and fully in-UserSpace solution for OpenZiti, which is especially useful in pipelines. For example, if you are an infrastructure professional who uses OpenZiti and GitLab to roll out Ansible Playbooks, you know how crucial it is to secure your runners, for instance from a network perspective. Many runners have too many network privileges within an infrastructure, making it impossible to share a runner with other teams in a company. Now, this can be addressed with OpenZiti and ziti-edge-proxy!

How can it be used?

It's simple! You can either try it out with Docker Compose or integrate it directly into your pipelines. Check out some examples:

Docker Image

This container image will be monitored regularly, as soon as we are in beta state, to keep the current CVEs in the image minimal. Currently, the tagging of the images is based on the branch name, "main" is the stable branch.

docker pull docker.io/erikmagkekse/ziti-edge-proxy:main

DockerHub

Environment variables
VariableDefault ValueUsage
PROXY_HOST127.0.0.1Where the SOCKS5 server should be attached
SOCKS_ENABLEDtrueEnables SOCKS5 Server
HTTP_ENABLEDtrueEnables HTTP Server
SOCKS_PORT1080Default port of the SOCKS5 server
HTTP_PORT8080Default port of the HTTP proxy server
PROXY_USERNAMEuserUsername for the SOCKS5 server
PROXY_PASSWORDpasswordPassword for the SOCKS5 Server
*ZITI_IDENTITIESemptyList of used Ziti identities, separated by semicolon, can be also a wildcard.
*ZITI_IDENTITYemptyA Base64 encoded string of a single identity JSON

*Only one of these can be used at a time and is not optional. If you use ZITI_IDENTITY, it will decode the identity JSON to "/app/identity.json" and update the var ZITI_IDENTITIES to point to the file.

Future roadmap

  • Add Codesinging
  • Improving logging ✅
  • Add ghcr.io repository for image
  • Switch from Python image to Alpine or RedHat UBI
  • Add HTTP Proxy support ✅
  • Rewrite in Go
  • CI Tests

Note

This project is NOT developed by NetFoundry or OpenZiti itself, it only uses the SDKs of OpenZiti.

Tag summary

Content type

Image

Digest

sha256:29ed8b75f

Size

48.8 MB

Last updated

7 months ago

docker pull erikmagkekse/ziti-edge-proxy