Webserver Publish
You can publish a web server using Narrowlink. The gateway will automatically issue a certificate for the domain name and publish the web server. For example, narrow.page is a web server that is published using Narrowlink, while its backend is running in a highly restricted network.
To publish a web server using Narrowlink, you need to have a valid domain name with an A
or CNAME
DNS record that points to the gateway address. Then, you need to generate a publish token that will be used by the agent to publish the web server. To generate a publish token, you can add the following lines to the Token Generator configuration file:
secret: [1,2,3,4] # The secret for signing tokens, It must be the same as the gateway token secret, it is as byte array
tokens: # list of tokens
#- !Agent # agent token
# ...
#- !Client # client token
# ...
- !AgentPublish # agent publish token to publish web services
uid: 00000000-0000-0000-0000-000000000000 # agent uid, please use a unique uid for each user
name: agent_name # agent name, it must be the same name as the agent name in the agent token
exp: 1710227806 # expiration time in seconds since epoch
publish_hosts: # list of the services that this agent will publish
- host: first.domain.example # domain name
port: 0 # gateway's service port, 0 means any port
connect: # the address that the agent will connect to publish the service
host: 127.0.0.1 # ip address or domain name
port: 80 # port
protocol: HTTP # protocol
- host: second.domain.example # domain name
port: 0 # gateway's service port, 0 means any port
connect: # the address that the agent will connect to publish the service
host: 127.0.0.1 # ip address or domain name
port: 443 # port
protocol: TCP # protocol, TCP means it acts as a SNI proxy
The uid
and name
fields must be the same as the uid
and name
in the agent token. Once a request is received from the gateway, it automatically inserts the NL-Connecting-IP
header to the request. This header contains the IP address of the client. You can use this header to detect the IP address of the client.
You can use a wildcard in the domain name to publish multiple services without reconfiguring the DNS server every time. For example, you can use *.domain.example
to publish all subdomains of
domain.example
.
After generating the publish token, you need to add the token to the agent configuration file:
#...
publish:
- eyJ0eX....kNHYQ_4 # token for publishing webserver (optional)
# - eyJ0eX....kNHYQ_4 # second token for publishing webserver (optional)
#...
You can also add multiple tokens to the agent configuration file to publish multiple web servers.
Now, you can run the agent and publish the web server. The gateway will automatically issue a certificate for the domain name and publish the web server.