dunkirk.sh / dots
Kieran's opinionated (and probably slightly dumb) nix config
fork atom
dots / docs / src / services / bore.md
at main 43 lines 2.0 kB view raw view rendered
dunkirk.sh feat: add mdbook
a104e5e9
1# bore (server) 2 3Lightweight tunneling server built on frp. Supports HTTP (wildcard subdomains), TCP, and UDP tunnels with optional OAuth authentication via Indiko. 4 5**Domain:** `bore.dunkirk.sh` · **frp port:** 7000 6 7This is a **custom module** — it does not use mkService. 8 9## Options 10 11| Option | Type | Default | Description | 12|--------|------|---------|-------------| 13| `enable` | bool | `false` | Enable bore server | 14| `domain` | string | — | Base domain for wildcard subdomains | 15| `bindAddr` | string | `"0.0.0.0"` | frps bind address | 16| `bindPort` | port | `7000` | frps bind port | 17| `vhostHTTPPort` | port | `7080` | Virtual host HTTP port | 18| `allowedTCPPorts` | list of ports | `20000–20099` | Ports available for TCP tunnels | 19| `allowedUDPPorts` | list of ports | `20000–20099` | Ports available for UDP tunnels | 20| `authToken` | string or null | `null` | frp auth token (use `authTokenFile` instead) | 21| `authTokenFile` | path or null | `null` | Path to file containing frp auth token | 22| `enableCaddy` | bool | `true` | Auto-configure Caddy wildcard vhost | 23 24### Authentication 25 26When enabled, all HTTP tunnels are gated behind Indiko OAuth. Users must sign in before accessing tunneled services. 27 28| Option | Type | Default | Description | 29|--------|------|---------|-------------| 30| `auth.enable` | bool | `false` | Enable bore-auth OAuth middleware | 31| `auth.indikoURL` | string | `"https://indiko.dunkirk.sh"` | Indiko server URL | 32| `auth.clientID` | string | — | OAuth client ID from Indiko | 33| `auth.clientSecretFile` | path | — | Path to OAuth client secret | 34| `auth.cookieHashKeyFile` | path | — | 32-byte cookie signing key | 35| `auth.cookieBlockKeyFile` | path | — | 32-byte cookie encryption key | 36 37After authentication, these headers are passed to tunneled services: 38 39- `X-Auth-User` — user's profile URL 40- `X-Auth-Name` — display name 41- `X-Auth-Email` — email address 42 43See [bore (client)](../modules/bore-client.md) for the home-manager client module.