How to run an inlets exit server on Oracle Cloud Infrastructure
with a limited budget 💰 💵 💴 💶 💷
Inlets
For anyone not familiar with inlets: it's a project from Alex Ellis, a CNCF Ambassador and the Founder of OpenFaaS.
Cloud Native Tunnel
You can use inlets to connect HTTP and TCP services between networks securely. Through an encrypted websocket, inlets can penetrate firewalls, NAT, captive portals, and other restrictive networks, lowering the barrier to entry.
VPNs traditionally require up-front configuration like subnet assignment and ports to be opened in firewalls. A tunnel with inlets can provide an easy-to-use, low-maintenance alternative to VPNs and other site-to-site networking solutions.
Oracle Cloud Infrastructure
I don't know this nice bloke, but soon we will be as happy as he is.
Oracle Cloud Infrastructure (OCI) is a nearly perfect place to start an inlets exit node. After you have created an account, you will not only get a whopping $300 (250€) in cloud credit, but also some selected resources for free. Forever!
Oracle calls them Always Free Resources.
So what do we get for free, from a compute point of view?
Micro instances (AMD processor): All tenancies get two Always Free VM instances using the VM.Standard.E2.1.Micro shape, which has an AMD processor.
That is amazing as it is exactly what we need for an inlets exit node.
Unfortunately, inlets does not support OCI at the moment. To still enjoy the perks of OCI and inlets, we're going to use Terraform to install the exit node. Classic...
How-to
Grab the binaries
We're going completely vanilla, so only terraform and the inlets tool inletsctl are needed.
# Install to local directory (and for Windows users)
curl -sLSf https://inletsctl.inlets.dev | sh
# Install directly to /usr/local/bin/
curl -sLSf https://inletsctl.inlets.dev | sudo sh
brew install terraform
We need the inlets-pro binaries to connect to the exit server:
inletsctl download
2021/08/16 01:11:11 https://github.com/inlets/inlets-pro/releases/tag/0.8.9
Starting download of inlets-pro 0.8.9, this could take a few moments.
Download completed, make sure that /usr/local/bin is on your path.
inlets-pro version
The code
Just get the example code from here:
https://github.com/dirien/inlets-oci-terraform
OCI API Keys
After you have created your OCI account, you can create your API keys. These are a special type of public key used to perform any kind of API operation. There are different ways to create these API keys.
To keep it simple, I prefer the UI way:
- Open the Console, and sign in.
- View the details for the user who will be calling the API with the key pair:
- If you're signed in as the user:
- Open the Profile menu (User menu icon) and click User Settings.
- Click Add Public Key.
After this, you will be greeted with a dialog with all the relevant information you need for terraform to run.
Then rename terraform.tfvars.changme to terraform.tfvars and fill in the information from above.
tenancy_ocid = "xx"
user_ocid = "xx"
private_key_path = "xx"
fingerprint = "xx"
region = "xx"
ssh_public_key = "xx"
Anyone still here?
Terraform
Now that you have filled out the information the terraform OCI provider needs, you can simply run your terraform commands:
terraform init
terraform plan
terraform apply
If everything works as planned, you should see output similar to the following:
oci_core_instance.inlets-ubuntu-instance: Creation complete after 48s [id=ocid1.instance.oc1.eu-frankfurt-1.antheljtoboqxvycp3pui4xy5rva6nmna2siow2tgukeggpmatvl5nzeskpa]
Apply complete! Resources: 7 added, 0 changed, 0 destroyed.
Outputs:
inlets-connection-string = <sensitive>
Type terraform output inlets-connection-string to see the connection details:
inlets-pro tcp client --url wss://158.101.189.144:8123 --token RFMLihTUZ2WQbHkRNPRsATAJDqjgvMx7XywjiwFqB7nUI3HOLOwF8LMw8Nsk79TG --upstream $UPSTREAM --ports $PORTS
Now you can expose any local application via the variables $UPSTREAM and $PORTS:
inlets-pro tcp client --url wss://158.101.189.144:8123 --token RFMLihTUZ2WQbHkRNPRsATAJDqjgvMx7XywjiwFqB7nUI3HOLOwF8LMw8Nsk79TG --upstream $UPSTREAM --ports $PORTS
2021/08/16 00:43:01 Starting TCP client. Version 0.8.9 - 7df6fc42cfc14dd56d93c32930262202967d234b
2021/08/16 00:43:01 Licensed to: Engin Diri <Engin.Diri@mail.schwarz>, expires: 6 day(s)
2021/08/16 00:43:01 Upstream server: localhost, for ports: 8080
inlets-pro client. Copyright OpenFaaS Ltd 2021
INFO[2021/08/16 00:43:01] Connecting to proxy url="wss://158.101.189.144:8123/connect"
INFO[2021/08/16 00:43:01] Connection established.. OK.
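As an added example (not part of the original post or the inlets project), the wrapper below reads the connection string from Terraform at run time instead of copying it by hand, checks that the URL is an encrypted wss:// endpoint with a port, and then starts the client. The function names and the sample string are assumptions made for illustration; the output name and the client flags are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Constructed sample in the shape printed by `terraform output` above
# (documentation IP address and a made-up token, not a real server).
SAMPLE='inlets-pro tcp client --url wss://192.0.2.10:8123 --token EXAMPLETOKEN0000 --upstream $UPSTREAM --ports $PORTS'

# flag_value <connection string> <flag>: print the word that follows <flag>.
flag_value() {
    want=$2
    prev=
    set -f                              # split on whitespace without globbing
    for word in $1; do
        if [ "$prev" = "$want" ]; then
            set +f
            printf '%s\n' "$word"
            return 0
        fi
        prev=$word
    done
    set +f
    return 1                            # flag not present
}

# check_url <url>: accept only wss://host:port, reject plaintext ws:// and
# anything without a numeric port.
check_url() {
    case $1 in
        wss://*:*) ;;
        *) echo "refusing tunnel URL: $1" >&2; return 1 ;;
    esac
    port=${1##*:}
    case $port in
        ''|*[!0-9]*) echo "bad port in: $1" >&2; return 1 ;;
    esac
}

# connect <upstream> <ports>: read the string from Terraform at run time so the
# token is not pasted into shell history, validate it, then start the client.
connect() {
    conn=$(terraform output -raw inlets-connection-string) || return 1
    url=$(flag_value "$conn" --url) || return 1
    token=$(flag_value "$conn" --token) || return 1
    check_url "$url" || return 1
    inlets-pro tcp client --url "$url" --token "$token" --upstream "$1" --ports "$2"
}

# Demo on the constructed sample; call `connect localhost 8080` for real use.
check_url "$(flag_value "$SAMPLE" --url)" && echo "sample URL accepted"
```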
Clean up
If you don't need the inlets tunnel anymore, just type:
terraform destroy
to purge everything.
Would you like to know more?
- Check out the GitHub repo -> github.com/dirien/inlets-oci-terraform
- Join the inlets Slack channel.
- The official documentation -> inlets.dev
- Drop me a DM on Twitter -> twitter.com/_ediri