| Jeremy Kerr | f403c42 | 2018-07-26 12:14:56 +0800 | [diff] [blame] | 1 | nbd-proxy | 
|  | 2 | ========= | 
|  | 3 |  | 
|  | 4 | Prototype javascript+websocket NBD server; this code demonstrates a javascript | 
|  | 5 | NBD implementation connected to the kernel nbd device over a websocket. | 
|  | 6 |  | 
|  | 7 | There are two components here: | 
|  | 8 |  | 
|  | 9 | nbd-proxy: a little binary to initialise a nbd client, connected to a | 
|  | 10 | unix domain socket, then proxy data between that socket and | 
|  | 11 | stdio. This can be used with a websocket proxy to expose | 
|  | 12 | that stdio as a websocket. | 
|  | 13 |  | 
|  | 14 | nbd.js:    a javascript implementation of a NBD server. | 
|  | 15 |  | 
|  | 16 | Running | 
|  | 17 | ------- | 
|  | 18 |  | 
|  | 19 | You'll need a websocket proxy This connects the nbd-proxy | 
|  | 20 | component to a websocket endpoint. | 
|  | 21 |  | 
|  | 22 | For experimentation, I use the `websocketd` infrastrcture to expose the | 
|  | 23 | websocket endpoint, plus serve the static HTML+js client: | 
|  | 24 |  | 
|  | 25 | git clone https://github.com/joewalnes/websocketd | 
|  | 26 | (cd websocketd && make) | 
|  | 27 |  | 
|  | 28 | sudo websocketd/websocketd --port=8000 --staticdir=web --binary ./nbd-proxy | 
|  | 29 |  | 
|  | 30 | Note that this type of invocation is very insecure, and intended just for | 
|  | 31 | experimentation. See the Security section below. | 
|  | 32 |  | 
|  | 33 | For real deployments, you want your websocket-enabled service to run | 
|  | 34 | nbd-proxy, and connect its stdio to a websocket, running in binary mode. Your | 
|  | 35 | web interface will interact with this using an instance of the NBDServer object | 
|  | 36 | (defined in web/js/nbd.js): | 
|  | 37 |  | 
|  | 38 | var server = NBDServer(endpoint, file); | 
|  | 39 | server.start(); | 
|  | 40 |  | 
|  | 41 | - where endpoint is the websocket URL (ws://...) and file is a File object. See | 
|  | 42 | web/index.html for an example. | 
|  | 43 |  | 
|  | 44 | Security | 
|  | 45 | -------- | 
|  | 46 |  | 
|  | 47 | This code allows potentially-untrusted clients to export arbitrary block | 
|  | 48 | device data to your kernel. Therefore, you should ensure that only trusted | 
|  | 49 | clients can connect as NBD servers. | 
|  | 50 |  | 
|  | 51 | There is no authentication or authorisation implemented in the nbd proxy. Your | 
|  | 52 | websocket proxy should implement proper authentication before nbd-proxy is | 
|  | 53 | connected to the websocket endpoint. |