Spokes v1.2.0
Published at May 10, 2021 · 5 min read
Release v1.2.0 introduces Webhook events and updates to the dashboard to allow more administration and configuration through the web-based UI. You can now completely configure Spokes and manage users, tokens, tunnels and more in the Spokes dashboard!
In addition, we’ve added service checks for the upstream applications that are hosted behind tunnels. HTTP/S and TCP applications can be checked by Spokes to determine if the upstream service is running and accessible. This provides more introspection on the availability of the entire network of services hosted behind Spokes and your tunnels.
You will need v0.10.9 of the Packetriot client to utilize service checks.
Webhooks
Webhooks allow the publishing of events in Spokes to external applications so that more integrations with Spokes can be built or implemented. Examples of these events include: tunnels connecting or disconnecting, tunnels being created or shut down, admin logins, and more.
Events are published to an HTTP/S URL with the event data. The Admin API available in Spokes enables applications to query for more information in case that’s helpful. Endpoints for the webhook can be secured using HTTP Basic-Auth or SHA-256 HMAC verification of the request.
Creating a webhook is performed using a new form that requests a name for the webhook, a URL to publish the event to, security options and a list of events that will be published. This last option allows multiple webhooks to be created and sent to different endpoints.
A delay can be configured as well. Delays are captured in seconds, with 0s indicating instant publishing per event. Time delays allow Spokes to aggregate multiple events and publish them at once.
We’ll be adding more events over time. Please contact us and let us know what other events you’d be interested in.
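As an added example (not code from Spokes or Packetriot), a Go receiver for the SHA-256 HMAC option could verify each request as shown here before acting on the event. The header name X-Webhook-Signature, the hex encoding and signing over the raw request body are assumptions; check the Spokes documentation for the format it actually sends.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
)

// sigHeader is a hypothetical header name (assumption, not from Spokes docs).
const sigHeader = "X-Webhook-Signature"

// validSignature recomputes HMAC-SHA256 over the raw body and compares it
// to the hex-encoded signature in constant time.
func validSignature(secret, body []byte, sigHex string) bool {
	got, err := hex.DecodeString(sigHex)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hmac.Equal(got, mac.Sum(nil))
}

// webhookHandler rejects any request whose signature does not verify
// before the event payload is parsed or acted on.
func webhookHandler(secret []byte) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// Cap the body size so an unauthenticated sender cannot exhaust memory.
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20))
		if err != nil {
			http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
			return
		}
		if !validSignature(secret, body, r.Header.Get(sigHeader)) {
			http.Error(w, "bad signature", http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusNoContent) // verified: safe to process body
	}
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed value for the demo
	http.HandleFunc("/spokes-events", webhookHandler(secret))
	fmt.Println(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The signature must be computed over the exact bytes received, so verify before any JSON decoding or re-serialization of the body.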
Creating Users
Prior to this release all users had to be created using our CLI. In version 1.2.1 we added support for environment variables to enable basic configuration of a Spokes server. This includes setting a temporary password so that a user could create the first admin.
This release builds on top of that and enables more users to be created through the web UI.
Users require an email and full name. Two-factor authentication can be set for the user as well. The 2FA setup will be completed by that user after the first time they log in.
Users can also be removed from the system. By clicking on a user, an admin can review details about the user and see any tunnels associated with them. Note, deleting a user will also disconnect and permanently shut down their tunnels.
Edit Tunnel Names
We updated our tunnel-related pages to allow admins to give or change names for tunnels. Previously an unnamed tunnel would be named unamed. Many users who deploy tunnels automatically but did not specify names wanted to give names to them after the fact. Now you can.
Click on the small edit icon on the right-hand side of the tunnel name. A modal will be presented with an input for a new name for the tunnel.
We invite more users to send us feedback on the UI. We’re pleased to continue to improve the user experience of the dashboard.
Tunnel Service Availability Checks
The detailed tunnel pages enable users to remotely configure and change traffic rules, which makes administration of remote clients simpler. You no longer need to use another application like TeamViewer to make traffic rule changes.
To further support smooth operation and maintenance we’ve added service checks for the upstream applications that are hosted behind tunnels. The checks are performed periodically to determine if the upstream application is available and can be connected to.
Service availability checks are not enabled by default. Visit the Configuration page in the Spokes dashboard and scroll down to Tunnel Options. You can enable service monitoring here and set a check interval (minutes).
Once service monitoring is turned on, Spokes will request the client running on the other end of the tunnel to perform an availability check. The checks are executed by the client and sent back to the Spokes server. This is all performed over the existing secure TLS tunnel.
Once availability is determined, online or offline, the status of the service, HTTP/S or TCP, is updated in the database. A green heartbeat will indicate availability. A grey one will indicate the upstream service could not be reached.
Note, depending on the service interval chosen, it may require that amount of time for the initial service check requests to be sent to the clients.
What’s next?
We’re adding a SOCKSv5 proxy to Spokes so that you can dial into Spokes and request services hosted behind all of the running tunnels. This is useful for admins that want to host TCP services but not expose the entire port-range to the Internet. One port can be opened and the SOCKSv5 client can request traffic to an HTTP/S or TCP service.
We’ve also added support for a TLS SOCKSv5 proxy. TLS is not a standard feature of SOCKSv5; however, this protocol is pretty simple and it’s easy to create custom TCP dialers that can use TLS and then standard SOCKS protocol over that.
We’ll publish some example code for a TLS SOCKSv5 dialer when we release v1.2.1 and this new feature.
As always, thanks again to our users and customers who have shared their feedback and suggestions with us.
Cheers!