Skip to main content

Tunnelling - rathole client

- get rathole


wget -O $HOME/suda-git/rathole-x86_64-unknown-linux-gnu.zip https://github.com/rapiz1/rathole/releases/download/v0.4.7/rathole-x86_64-unknown-linux-gnu.zip


- make a directory for rathole


mkdir $HOME/rathole


- unzip the archive into that directory


unzip -q $HOME/suda-git/rathole-x86_64-unknown-linux-gnu.zip -d $HOME/rathole


- make the binary executable


sudo chmod +x $HOME/rathole/rathole


- move the binary to /usr/bin/ so it's accessible from anywhere in the system


sudo mv $HOME/rathole/rathole /usr/bin/


- make a directory that will hold the rathole configuration


sudo mkdir -p /etc/rathole


- copy configuration files to /etc/rathole


sudo cp $HOME/suda-git/config/app1c.toml /etc/rathole/app1.toml

sudo cp $HOME/suda-git/config/app2c.toml /etc/rathole/app2.toml

sudo cp $HOME/suda-git/config/app3c.toml /etc/rathole/app3.toml


- copy systemd service files to /etc/systemd/system


sudo cp $HOME/suda-git/config/ratholec@.service /etc/systemd/system/


- define $secret (needs to be the same string as on the server install)


secret="the_string_from_the_server(witout_quotes)"


- use sed to replace "hackme" with the secret string in the config files


sudo sed -i "s/hackme/$secret/g" /etc/rathole/app1c.toml

sudo sed -i "s/hackme/$secret/g" /etc/rathole/app2c.toml

sudo sed -i "s/hackme/$secret/g" /etc/rathole/app3c.toml


- app1 - noVNC service running on the client machine on port 443

- app2 - icecast streaming service running on the client machine on port 8443

- app3 - icecast admin backing service running on the client on port 8080


- enable rathole instances with the appropriate config file for each service


sudo systemctl enable ratholec@app1 --now

sudo systemctl enable ratholec@app2 --now

sudo systemctl enable ratholec@app3 --now


sudo mkdir -p /etc/letsencrypt/suda.hacklab01.org/live


scp $user@$domain:/etc/letsencrypt/live/$domain/*

scp $user@$domain:/etc/letsencrypt/live/$domain/bundle.pem bundle.pem


sudo scp $user@$domain:/etc/letsencrypt/live/$domain/* /etc/letsencrypt/live/$domain


- setup MAPS for tunneling - change the references to the local IP into the domain


sed -i "s/http:\/\/$ip:8080/https:\/\/$domain:8443/g" $HOME/suda-git/noVNC-1.3.0/index.html


sed -i "s/$ip/$domain/g" $HOME/maps/MAPS.pd