If you have already struggled to make your local web server accessible to external testers, do not despair because today I am going to present to you Borona little utility that will change your life, like all the great tools that I present to you here.
Developed by Eric Zhang (the same one who already delighted us with SSHX yesterday), Boron is a next generation TCP tunnel coded in Rust. Its objective is to allow you to expose any local port to the Internet in a few seconds, without having to worry about configuring your box or your firewall.
Unlike some solutions that drown you in features that you will never use, Boron adopts a radically simple philosophy: it does one thing, but it does it particularly well. Its source code is only 400 lines of secure asynchronous Rust, making it probably one of the lightest and most auditable tools in its category.
There are several options available to you for installing Boron :
On macOS via Homebrew : bashbrew install bore-cli
Via Cargo (the Rust package manager) : bashcargo install bore-cli
With Docker : bashdocker run -it --init --rm --network host ekzhang/bore
You can also download the precompiled binaries directly from the GitHub releases page for Windows, macOS or Linux.
Imagine you are developing a web application on port 8000 locally and you want to show it to a client. Well, nothing could be simpler, here’s how to proceed:
bore local 8000 --to bore.pub
And there you have it!!! Your application is instantly accessible via bore.pub:Or
Although minimalist, Boron offers some thoughtful options:
--local-host: to expose a service that is not on localhost--port: to choose a specific port on the remote server (if available)--secret: to secure access with a shared key
Bore.pub is super handy for quick testing, but there’s nothing stopping you from hosting your own server Boron. This is very interesting for use in business, for example:
bore serverbore local 8000 --to votre-serveur.com
You can even configure allowed port ranges and an authentication secret:
bore server --min-port 1024 --max-port 65535 --secret votresecret
Boron mainly uses an intelligent architecture based on two components:
- A control port (7835) which manages the establishment of connections
- Separate TCP connections for each data tunnel
So, when a client asks to expose a port, this is what happens:
- The client sends a “Hello” request to the server
- Server starts listening on remote port
- For each new incoming connection, the server generates a UUID
- The client opens a new TCP connection and sends the UUID
- The server bridges the two connections
Of course, for security reasons, incoming connections are only kept for a maximum of 10 seconds before being deleted if the client does not accept them. Secret authentication also uses a challenge-response system based on HMAC codes to verify secret possession at each TCP connection. Also, this verification only concerns the initial connection phase, the traffic is not encrypted by default.
Some essential rules to keep in mind though:
- Always use the option
--secreton a public server - Limit exposed ports to what is strictly necessary
- Monitor incoming connections
- Don’t expose sensitive services without additional authentication
Of course, Boron is not the universal solution and if you need advanced features like HTTPS support, traffic inspection or complex routing rules, you will still need to turn to alternatives like ngrok or localtunnel…. But for 90% of use cases, the simplicity and effectiveness of Boron make it an excellent choice. This is once again the perfect illustration of the UNIX principle: do just one thing, but do it perfectly. That’s what I’ve been doing for over 20 years with my site when I think about it… lol.
Source link
Subscribe to our email newsletter to get the latest posts delivered right to your email.
Comments