GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still and

Commit a4f10d9d authored by Cecylia Bocovich's avatar Cecylia Bocovich

Add Dockerfile and README for deploying probetest

The easiest way to set up the probe server behind a symmetric NAT is to
deploy it as a Docker container and alter the iptables rules for the
Docker network subnet that the container runs in.
parent f368c871
Pipeline #1531 passed with stage
in 10 minutes and 18 seconds
FROM golang:1.13
COPY probetest /go/bin
This is code for a remote probe test component of Snowflake.
### Overview
This is a probe test server to allow proxies to test their compatability
with Snowflake. Right now the only type of test implemented is a
compatability check for clients with symmetric NATs.
### Running your own
The server uses TLS by default.
There is a `--disable-tls` option for testing purposes,
but you should use TLS in production.
To build the probe server, run
```go build```
To deploy the probe server, first set the necessary env variables with
then run ```docker-compose up```
Setting up a symmetric NAT configuration requires a few extra steps. After
upping the docker container, run
```docker inspect snowflake-probetest```
to find the subnet used by the probetest container. Then run
```sudo iptables -L -t nat``` to find the POSTROUTING rules for the subnet.
It should look something like this:
target prot opt source destination
MASQUERADE all -- anywhere
to modify this rule, execute the command
```sudo iptables -t nat -R POSTROUTING $RULE_NUM -s -j MASQUERADE --random```
where RULE_NUM is the numbered rule corresponding to your docker container's subnet masquerade rule.
Afterwards, you should see the rule changed to be:
target prot opt source destination
MASQUERADE all -- anywhere random
version: "3.8"
build: .
container_name: snowflake-probetest
- "8443:8443"
- /home/snowflake-broker/acme-cert-cache:/go/bin/acme-cert-cache
entrypoint: [ "probetest" , "-addr", ":8443" , "-acme-hostnames", $HOSTNAMES, "-acme-email", $EMAIL, "-acme-cert-cache", "/go/bin/acme-cert-cache"]
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment