Spokes Update v1.5.0
Published at January 10, 2025 · 3 min read
Share on:We’re excited to share the release of Spokes v1.5.0, featuring several enhancements, new capabilities, and bug fixes. This update continues our mission to make Spokes more capable and easy to use.
Get the Release!
You can download the RPM here. As always, our container images are available in both the Packetriot and Terrapin Labs repositories.
docker pull packetriot/spokes:1.5.0
# alternatively
docker pull terrapinlabs/spokes:1.5.0
Last Active Date for Tunnels
Tunnels now display their last active date when visiting the Tunnel page. This enables admins to quickly identify the last moment a tunnel was online and active.
Tunnel table with Last Active in ascending order
The table can be sorted in ascending or descending order and will make it easy to identify tunnels that are stale and haven’t been online for a while, and perhaps removed.
Enhanced TLS Certificate Management
We’ve overhauled the TLS management system in Spokes to support:
- Multiple free ACME Certificate Authorities (CAs)
- Let’s Encrypt
- ZeroSSL - Public free tier
- External or custom ACME CAs such as ZeroSSL’s premium service
- Custom TLS certificates
- Automatic fallback to self-signed certificates
Previously, the TLS configuration was limited to just a single mechanism or ACME CA for acquiring TLS certificates. With these improvements, Spokes will attempt multiple strategies to retrieve a valid TLS certificate which improves uptimes when a certificate renewal fails because of network issues or rate-limiting. The TLS configuration page is simplified as well since all mechanisms are now used to acquiring a TLS certificate.
TLS certificate settings
The following is the precedence used for acquiring and serving a TLS session:
- Custom TLS certificates have the highest precendence
- External or custom ACME CAs are preferred over the public or free ones
- Public ACME CAs such as Let’s Encrypt or ZeroSSL
- Self-signed certificate
A self-signed certificate is created as a last resort, but will enable admins to log in, fix any misconfigurations and reset the TLS certificate state so that an ACME CA can be retried again.
Reset TLS configuration
These updates simplify certificate management and ensures greater reliability and robustness. The underlying improvements also enable us to support new features (like the one below).
Support for Alternate Domain Names
Spokes now supports alternate domain names for your server. This feature allows you to configure multiple domains that can be used for OpenID authentication, TLS certificate management, and session handling.
You can set these domains in the configuration or directly through the dashboard.
This feature will provide flexibility in deployments. One example is using one domain to access the Spokes admin dashboard and another domain that is used by tunnels to access the server and used for assigning hostnames to the tunnels.
Our roadmap includes new features for performing backups, restorations and migrations. We see this as a mechanism that can make consolidating multiple servers when necessary during a failover.
Search Tunnels by Port
The tunnel search feature now includes support for finding tunnels using allocated ports. Enter a port number using the port keyword and this format:
port:<port-number>
Spokes will display the corresponding tunnel if one exists that has been allocated the port number in the search query.
Search tunnel via allocated port number
This is particularly helpful for quickly locating and managing tunnels when troubleshooting or monitoring network traffic.
Bug Fixes
We’ve also resolved several bugs reported by our users and made other minor stability and usability improvements.
Thanks!
As always, we want to thank our customers for their feedback, feature suggestions, and bug reports. Your input helps us prioritize improvements that make Spokes even better. If you have ideas for new features or enhancements, feel free to reach out.
Cheers!