http-knocking
HTTP knocking is like port knocking. It hides your server, and allows you to open/close the server by certain knocking.
In HTTPS communication, knocking is hidden because of encryption unlike port knocking.
Run with npm
Suppose http://localhost:8181/ is running. The following command runs a http-knocking server on port 8282.
npm install -g http-knocking
http-knocking --port=8282 --target-host=localhost --target-port=8181 --open-knocking="/alpha,/foxtrot,/lima"In the case of --open-knocking="/alpha,/foxtrot,/lima", you can open the server by accessing to
Close procedure is the reverse order of open if --close-knocking is not specfied.
Technically, localhost:8282 is a reverse proxy server to localhost:8181.
Run with Docker Compose
Here is a docker-compose.yml to run Ghost on http-knocking.
version: '3.1'
services:
http-knocking:
image: nwtgck/http-knocking:v0.3.1
ports:
- '8282:8282'
depends_on:
- ghost
restart: always
command: --port=8282 --target-host=ghost --target-port=2368 --open-knocking="/alpha,/foxtrot,/lima"
ghost:
image: ghost
restart: always
expose:
- "2368"Options
Here is available options.
Options:
--help Show help [boolean]
--version Show version number [boolean]
--port Port of knocking server
[number] [required]
--target-host Target host to hide [string] [required]
--target-port Target port to hide[number] [default: 80]
--open-knocking Open-knocking sequence (e.g.
"/alpha,/foxtrot,/lima") [string]
--close-knocking Close-knocking sequence (e.g.
"/victor,/kilo") [string]
--enable-websocket Enable WebSocket proxy [default: false]
--auto-close-millis Time millis to close automatically
[number]
--open-knocking-max-interval-millis Time millis to reset open procedure
[number]
--http-request-limit Limit of HTTP request [number]
--on-upgrade-limit Limit of on-upgrade (WebSocket) [number]
--enable-fake-nginx Enable fake Nginx Internal Server Error
response [default: false]
--fake-nginx-version Nginx version in fake Nginx Internal
Server Error response [default: "1.15.2"]
--enable-empty-response Enable empty response (NOTE: Not empty
HTTP body) [default: false]
--enable-knocking-update Enable auto knocking-update
[default: false]
--knocking-update-interval-sec Interval millis of auto knocking-update
[default: 1800]
--min-knocking-length Min knocking length used in auto
knocking-update [default: 6]
--max-knocking-length Max knocking length used in auto
knocking-update [default: 8]
--n-knockings The number of knocking sequence used in
auto knocking-update [default: 3]
--webhook-url Webhook URL used in auto knocking-update
[string]
--webhook-template-path Webhook template file path used in auto
knocking-update [string]
--auto-close-millis option makes your server more secure because it closes automatically by time.
--open-knocking-max-interval-millis option also makes your server more secure because it resets open procedure by time.
--http-request-limit restricts the number of HTTP requests after knocking server opening.
--on-upgrade-limit restricts the number of on-upgrade (WebSocket) after knocking server opening.
--enable-fake-nginx option fakes server response like "Nginx Internal Server Error" when the knocking server is closed.
--fake-nginx-version option specifies Nginx version used in fake "Internal Server Error" response.
--enable-empty-response option changes a knocking server response to be empty when the knocking server is closed
Auto Knocking-Update
To get more secure, --enable-knocking-update option updates knocking-sequences regularly and notifies new sequences via Webhook. You can use any Webhook-supported services.
Here is a demo to notify to Slack.
Here is a demo to notify to Discord.
Templates of JSON notified to the services are located at
The following options are required to enable auto knocking-update.
--enable-knocking-update--webhook-url=https://...--webhook-template-path=./path/to/webhook/template
Fake English words
Fake English words used in auto knocking-update are generated by fakelish.