Skip to main content

Webserver Publish

You can publish a web server using Narrowlink. The gateway will automatically issue a certificate for the domain name and publish the web server. For example, narrow.page is a web server that is published using Narrowlink, while its backend is running in a highly restricted network.

To publish a web server using Narrowlink, you need to have a valid domain name with an A or CNAME DNS record that points to the gateway address. Then, you need to generate a publish token that will be used by the agent to publish the web server. To generate a publish token, you can add the following lines to the Token Generator configuration file:

secret: [1,2,3,4] # The secret for signing tokens, It must be the same as the gateway token secret, it is as byte array
tokens: # list of tokens
  #- !Agent # agent token
  # ...
  #- !Client # client token
  # ...
  - !AgentPublish # agent publish token to publish web services
    uid: 00000000-0000-0000-0000-000000000000 # agent uid, please use a unique uid for each user
    name: agent_name # agent name, it must be the same name as the agent name in the agent token
    exp: 1710227806 # expiration time in seconds since epoch
    publish_hosts: # list of the services that this agent will publish
      - host: first.domain.example # domain name
        port: 0 # gateway's service port, 0 means any port
        connect: # the address that the agent will connect to publish the service
          host: 127.0.0.1 # ip address or domain name
          port: 80 # port
          protocol: HTTP # protocol
      - host: second.domain.example # domain name
        port: 0 # gateway's service port, 0 means any port
        connect: # the address that the agent will connect to publish the service
          host: 127.0.0.1 # ip address or domain name
          port: 443 # port
          protocol: TCP # protocol, TCP means it acts as a SNI proxy

The uid and name fields must be the same as the uid and name in the agent token. Once a request is received from the gateway, it automatically inserts the NL-Connecting-IP header to the request. This header contains the IP address of the client. You can use this header to detect the IP address of the client.

tip

You can use a wildcard in the domain name to publish multiple services without reconfiguring the DNS server every time. For example, you can use *.domain.example to publish all subdomains of domain.example.

After generating the publish token, you need to add the token to the agent configuration file:

#...
publish:
  - eyJ0eX....kNHYQ_4 # token for publishing webserver (optional)
  # - eyJ0eX....kNHYQ_4 # second token for publishing webserver (optional)
#...

You can also add multiple tokens to the agent configuration file to publish multiple web servers.

Now, you can run the agent and publish the web server. The gateway will automatically issue a certificate for the domain name and publish the web server.