mirror of
https://github.com/Gouryella/drip.git
synced 2026-02-23 21:00:44 +00:00
88e4525bf6
- Removed the manual performance optimization configuration in main.go and replaced it with a new tuning module. - Add patterned GC tuning in server.go and tunnel_runner.go - Updated yamux configuration to a unified optimized configuration to improve throughput. - Implement connection pool preheating function to eliminate cold start delay. - Optimize session selection using a min-heap, reducing the time complexity from O(n) to O(log n). - Add a bufio.Reader pool and a buffer pool to reduce memory allocation. - Implement a fragmented lock manager to improve performance under high concurrency. - Adjust heartbeat and timeout configurations to suit high-throughput scenarios BREAKING CHANGE: Manual GC tuning configuration has been removed; automatic tuning mode is now used.
Drip
Your Tunnel, Your Domain, Anywhere
A self-hosted tunneling solution to securely expose your services to the internet.
Drip is a quiet, disciplined tunnel.
You light a small lamp on your network, and it carries that light outward—through your own infrastructure, on your own terms.
Why?
Control your data. No third-party servers means your traffic stays between your client and your server.
No limits. Run as many tunnels as you need, use as much bandwidth as your server can handle.
Actually free. Use your own domain, no paid tiers or feature restrictions.
| Feature | Drip | ngrok Free |
|---|---|---|
| Privacy | Your infrastructure | Third-party servers |
| Domain | Your domain | 1 static subdomain |
| Bandwidth | Unlimited | 1 GB/month |
| Active Endpoints | Unlimited | 1 endpoint |
| Tunnels per Agent | Unlimited | Up to 3 |
| Requests | Unlimited | 20,000/month |
| Interstitial Page | None | Yes (removable with header) |
| Open Source | ✓ | ✗ |
What's New in v0.5.0
🔄 Switched to Yamux Protocol
Our custom multiplexing protocol had too many edge-case bugs. We replaced it with yamux, HashiCorp's battle-tested stream multiplexing library.
Why Yamux?
- Production-proven in Consul, Nomad, and other critical infrastructure
- Built-in flow control and keepalive support
- Active maintenance and community support
What changed:
- Removed: Custom HPACK compression, flow control, binary framing, HTTP codec
- Added: Yamux-based connection pooling and session management
- Result: ~60% less protocol code, significantly improved stability
⚡ Performance Improvements
| Metric | Improvement |
|---|---|
| Connection setup | 3x faster (session reuse) |
| Memory per tunnel | -50% (simplified state) |
| Latency (p99) | -40% (fewer encoding layers) |
| Throughput | +80% (efficient multiplexing) |
⚠️ Breaking Change: Protocol incompatible with v0.4.x. Upgrade both client and server.
Quick Install
bash <(curl -sL https://raw.githubusercontent.com/Gouryella/drip/main/scripts/install.sh)
- Pick a language, then choose to install the client (macOS/Linux) or server (Linux).
- Non-interactive examples:
- Client:
bash <(curl -sL https://raw.githubusercontent.com/Gouryella/drip/main/scripts/install.sh) --client - Server:
bash <(curl -sL https://raw.githubusercontent.com/Gouryella/drip/main/scripts/install.sh) --server
- Client:
Uninstall
bash <(curl -sL https://raw.githubusercontent.com/Gouryella/drip/main/scripts/uninstall.sh)
Usage
First Time Setup
# Configure server and token (only needed once)
drip config init
Basic Tunnels
# Expose local HTTP server
drip http 3000
# Expose local HTTPS server
drip https 443
# Pick your subdomain
drip http 3000 -n myapp
# → https://myapp.your-domain.com
# Expose TCP service (database, SSH, etc.)
drip tcp 5432
Forward to Any Address
Not just localhost - forward to any device on your network:
# Forward to another machine on LAN
drip http 8080 -a 192.168.1.100
# Forward to Docker container
drip http 3000 -a 172.17.0.2
# Forward to specific interface
drip http 3000 -a 10.0.0.5
Background Mode
Run tunnels in the background with -d:
# Start tunnel in background
drip http 3000 -d
drip https 8443 -n api -d
# List running tunnels
drip list
# View tunnel logs
drip attach http 3000
# Stop tunnels
drip stop http 3000
drip stop all
Server Deployment
Prerequisites
- A domain with DNS pointing to your server (A record)
- Wildcard DNS for subdomains:
*.tunnel.example.com -> YOUR_IP - SSL certificate (wildcard recommended)
Option 1: Direct (Recommended)
Drip server handles TLS directly on port 443:
# Get wildcard certificate
sudo certbot certonly --manual --preferred-challenges dns \
-d "*.tunnel.example.com" -d "tunnel.example.com"
# Start server
drip-server \
--port 443 \
--domain tunnel.example.com \
--tls-cert /etc/letsencrypt/live/tunnel.example.com/fullchain.pem \
--tls-key /etc/letsencrypt/live/tunnel.example.com/privkey.pem \
--token YOUR_SECRET_TOKEN
Option 2: Behind Nginx
Run Drip on port 8443, let Nginx handle SSL termination:
server {
listen 443 ssl http2;
server_name *.tunnel.example.com;
ssl_certificate /etc/letsencrypt/live/tunnel.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tunnel.example.com/privkey.pem;
location / {
proxy_pass https://127.0.0.1:8443;
proxy_ssl_protocols TLSv1.3;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
}
}
Systemd Service
The install script creates /etc/systemd/system/drip-server.service automatically. Manage with:
sudo systemctl start drip-server
sudo systemctl enable drip-server
sudo journalctl -u drip-server -f
Features
Security
- TLS 1.3 encryption for all connections
- Token-based authentication
- No legacy protocol support
Flexibility
- HTTP, HTTPS, and TCP tunnels
- Forward to localhost or any LAN address
- Custom subdomains or auto-generated
- Daemon mode for persistent tunnels
Performance
- Binary protocol with msgpack encoding
- Connection pooling and reuse
- Minimal overhead between client and server
Simplicity
- One-line installation
- Save config once, use everywhere
- Real-time connection stats
Architecture
┌─────────────┐ ┌──────────────┐ ┌─────────────┐
│ Internet │ ──────> │ Server │ <────── │ Client │
│ User │ HTTPS │ (Drip) │ TLS 1.3 │ localhost │
└─────────────┘ └──────────────┘ └─────────────┘
Common Use Cases
Development & Testing
# Show local dev site to client
drip http 3000
# Test webhooks from services like Stripe
drip http 8000 -n webhooks
Home Server Access
# Access home NAS remotely
drip http 5000 -a 192.168.1.50
# Remote into home network via SSH
drip tcp 22
Docker & Containers
# Expose containerized app
drip http 8080 -a 172.17.0.3
# Database access for debugging
drip tcp 5432 -a db-container
Command Reference
# HTTP tunnel
drip http <port> [flags]
-n, --subdomain Custom subdomain
-a, --address Target address (default: 127.0.0.1)
-d, --daemon Run in background
-s, --server Server address
-t, --token Auth token
# HTTPS tunnel (same flags as http)
drip https <port> [flags]
# TCP tunnel (same flags as http)
drip tcp <port> [flags]
# Background tunnel management
drip list List running tunnels
drip list -i Interactive mode
drip attach [type] [port] View logs
drip stop <type> <port> Stop tunnel
drip stop all Stop all tunnels
# Configuration
drip config init Set up server and token
drip config show Show current config
drip config set <key> <value>
License
BSD 3-Clause License - see LICENSE for details