Move to secure defaults

Whilst inlets OSS can be useful for understanding how
tunnels work, it does not encrypt the control-plane by
default, so is not secure by default. This moves to using
inlets PRO to encrypt traffic over the tunnel.

Significant contributors to inletsctl are welcome to a year's
free license for non-commercial use for inlets PRO.

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>

README.md

@@ -20,15 +20,9 @@ It needs to exist as a separate binary and CLI, so that the core inlets tool doe
 
 Use-cases:
 
-* Setup L7 HTTP and L4 TCP tunnels for your local services using [inlets](https://inlets.dev/) with `inletsctl create`
+* Setup L4 TCP tunnels for your local services using [inlets](https://inlets.dev/) with `inletsctl create`
 * Port-forward services your local Kubernetes cluster using `inletsctl kfwd`
 
-## Built for developers by developers
-
-<a href="https://github.com/sponsors/inlets/">
-<img alt="Sponsor this project" src="https://github.com/alexellis/alexellis/blob/master/sponsor-today.png" width="90%">
-</a>
-
 ## Video demo
 
 [![asciicast](https://asciinema.org/a/wVapSMsxpTdU9SBpRXwULaKE4.svg)](https://asciinema.org/a/wVapSMsxpTdU9SBpRXwULaKE4)
@@ -41,7 +35,7 @@ In the demo we:
 * Access the Python HTTP server via the DigitalOcean Public IP
 * Use the CLI to delete the host
 
-inletsctl is the quickest and easiest way to automate both `inlets` and `inlets-pro`, whilst retaining complete control.
+inletsctl is the quickest and easiest way to automate `inlets-pro`, whilst retaining complete control of your tunnel and data.
 
 ## Provisioners
 
@@ -59,19 +53,10 @@ type Provisioner interface {
 
 ## Features
 
-* Provision hosts quickly using cloud-init with inlets/PRO pre-installed - `inletsctl create`
+* Provision hosts quickly using cloud-init with inlets pre-installed - `inletsctl create`
 * Delete hosts by ID or IP address - `inletsctl delete`
 * Automate port-forwarding from Kubernetes clusters with `inletsctl kfwd`
 
-### inlets projects
-
-inlets is a Cloud Native Tunnel and is [listed on the Cloud Native Landscape](https://landscape.cncf.io/category=service-proxy&format=card-mode&grouping=category&sort=stars) under *Service Proxies*.
-
-* [inlets PRO](https://inlets.dev) - Cloud Native Tunnel - TCP, HTTP & websockets with automated TLS encryption
-* [inlets](https://github.com/inlets/inlets) - Cloud Native Tunnel for HTTP only - configure TLS separately
-* [inlets-operator](https://github.com/inlets/inlets-operator) - Public IPs for your private Kubernetes Services and CRD
-* [inletsctl](https://github.com/inlets/inletsctl) - The fastest way to create self-hosted exit-servers
-
 ## How much will this cost?
 
 The `inletsctl create` command will provision a cloud host with the provider and region of your choice and then start running `inlets server`. The host is configured with the standard VM image for Ubuntu or Debian Linux and inlets is installed via userdata/cloud-init.

cmd/create.go

@@ -6,7 +6,6 @@ package cmd
 import (
 	"encoding/base64"
 	"fmt"
-	"strconv"
 	"strings"
 	"time"
 
@@ -20,10 +19,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-const inletsOSSVersion = "2.7.4"
 const inletsPROVersion = "0.7.0"
-
-const inletsOSSControlPort = 8080
 const inletsProControlPort = 8123
 
 func init() {
@@ -46,7 +42,7 @@ func init() {
 	createCmd.Flags().String("project-id", "", "Project ID (equinix-metal, gce)")
 	createCmd.Flags().String("subscription-id", "", "Subscription ID (Azure)")
 
-	createCmd.Flags().Bool("pro", false, `Provision an exit-server for use with inlets PRO`)
+	createCmd.Flags().Bool("pro", true, `Provision an exit-server for use with inlets PRO`)
 
 	createCmd.Flags().DurationP("poll", "n", time.Second*2, "poll every N seconds, use a higher value if you encounter rate-limiting")
 }
@@ -205,9 +201,9 @@ func runCreate(cmd *cobra.Command, _ []string) error {
 	}
 
 	name := strings.Replace(names.GetRandomName(10), "_", "-", -1)
-	userData := provision.MakeExitServerUserdata(inletsOSSControlPort,
+	userData := provision.MakeExitServerUserdata(0,
 		inletsToken,
-		inletsOSSVersion,
+		"",
 		inletsPROVersion,
 		pro)
 
@@ -217,7 +213,7 @@ func runCreate(cmd *cobra.Command, _ []string) error {
 		zone,
 		projectID,
 		userData,
-		strconv.Itoa(inletsOSSControlPort),
+		"0",
 		vpcID,
 		subnetID,
 		pro)
@@ -252,47 +248,29 @@ func runCreate(cmd *cobra.Command, _ []string) error {
 			i+1, max, hostStatus.ID, hostStatus.Status)
 
 		if hostStatus.Status == "active" {
-			if !pro {
-				fmt.Printf(`inlets OSS (`+inletsOSSVersion+`) exit-server summary:
+			fmt.Printf(`inlets PRO (`+inletsPROVersion+`) exit-server summary:
   IP: %s
   Auth-token: %s
 
 Command:
-  export UPSTREAM=http://127.0.0.1:8000
-  inlets client --remote "ws://%s:%d" \
-	--token "%s" \
-	--upstream $UPSTREAM
 
-To Delete:
-	inletsctl delete --provider %s --id "%s"
-`,
-					hostStatus.IP,
-					inletsToken,
-					hostStatus.IP,
-					inletsOSSControlPort,
-					inletsToken,
-					provider,
-					hostStatus.ID)
-				return nil
-			}
+# Obtain a license at https://inlets.dev
+export LICENSE="$HOME/.inlets/license"
 
-			fmt.Printf(`inlets PRO (`+inletsPROVersion+`) exit-server summary:
-  IP: %s
-  Auth-token: %s
+# Give a single value or comma-separated
+export PORTS="8000"
 
-Command:
-  export LICENSE=""
-  export PORTS="8000"
-  export UPSTREAM="localhost"
-
-  inlets-pro client --url "wss://%s:%d/connect" \
-	--token "%s" \
-	--license "$LICENSE" \
-	--upstream $UPSTREAM \
-	--ports $PORTS
-
-To Delete:
-	  inletsctl delete --provider %s --id "%s"
+# Where to route traffic from the inlets server
+export UPSTREAM="localhost"
+
+inlets-pro client --url "wss://%s:%d/connect" \
+  --token "%s" \
+  --license-file "$LICENSE" \
+  --upstream $UPSTREAM \
+  --ports $PORTS
+
+To delete:
+  inletsctl delete --provider %s --id "%s"
 `,
 				hostStatus.IP,
 				inletsToken,