Get the top HN stories in your inbox every day.
hobofan
Tried it out and it's amazing!
I'm a freelancer working with different clients with a mix of the technologies you listed (Docker/Kubernetes) and I'm using Tailscale for mostly personal use-cases, so this hits all the right spots.
Up until now I proxied most of my stuff on a macOS client via "SSH Tunnel Manager", which has quite a clunky UI, and whenever I have to reconfigure something there the current feedback of the current connection state isn't always right. I just moved all those settings to XPipe, and it works like a charm.
Previously I also used the same solution for accessing some internal websites via a combination of the SSH tunnels + /etc/hosts entries + header rewrites, which depending on the complexity of the websites sometimes works great and sometimes doesn't at all. With XPipe I was easily able to set up a SOCKS proxy, which I previously gave up on trying to figure out. Paired that with FoxyProxy on Firefox and now all the websites work like a charm!
crschnick
Great that it works for you. I also struggled a lot with setting up various different types of tunnels initially, especially more complex ones. That was one of the motivations why I started developing it.
Cynddl
Previous discussions:
https://news.ycombinator.com/item?id=40599419 (9 months ago)
https://news.ycombinator.com/item?id=38412162 (2 years ago)
https://news.ycombinator.com/item?id=37186039 (2 years ago)
rubin55
Hey, I just wanted to congratulate you with a very impressive release, the software looks amazing, and I think I will give it a try pretty soon. A question: I see only subscription pricing; is a lifetime licence possible, or a licence like the way jetbrains does it (you pay for version, and maintain the right to keep using the version that was available when the license/subscrition expires, you can re-activate any time).
I'm particularly interested in this "field". I've build something similar many moons ago [1], in the same spirit, but much more primitive. I later started a company around an evolved idea, where the structure you sort of see in your screenshots is effectively a DAG with arbitrary depth (we didn't manage to release it unfortunately, complexity overtook us).
In any case, much congratulations + good luck with the launch!
crschnick
Thanks! Yes, you can find lifetime licenses on the pricing page further down. A perpetual fallback license model like jetbrains has does not exist yet. But I could look into this in the future.
It's cool to see that there are also other people in that space. And about the complexity, I definitely know what you mean. It took a long while before this approach even worked and also took a while until it was actually stable. One of the main points of consideration whenever I think of adding something is the added complexity, because it's very important for me to keep that as low as possible. Otherwise I will end up with an unmaintainable workload. There were definitely a few interesting features I discarded to keep the application as lean as possible.
sepositus
Question for the developer: for the Kubernetes integration, I use aws-vault to generate short-lived credentials to authenticate with my clusters (meaning, by default, kubectl doesn't work outside of this context).
Would it be possible to get XPipe to work with this constraint? Couldn't find much in the docs.
crschnick
Now I don't fully know the details of your setup, but in general XPipe just works on top of your kubectl installation. So it will only work if you could manually connect to your clusters via kubectl in a terminal. But you can always just try it out and see what happens the community version because I can't say that for sure.
sepositus
Yeah, I'm assuming you're just calling kubectl directly underneath the hood. The way that aws-vault works is that you do something like: `aws-vault exec kubectl ...` or you can just do `aws-vault exec` and drop into a subshell. In both cases, a set of short-lived AWS credentials are exposed via the AWS-defined environment variables to the process (or shell context). The kubeconfig is then configured to handle authentication via AWS (rather than the default certificate method).
So, if you just straight-up call `kubectl` within XPipe without having AWS credentials already available, then it would fail. So, I'm guessing this wouldn't work.
mdaniel
I'm also an aws-vault user and wanted to draw your attention to the fact that kubectl supports exec based credential acquisition (in fact, that's how $(aws eks update-kubeconfig) emits them by default). Now, whether that fits your threat model is a different story, but it's for sure technically possible because I use that setup every day
By default, it looks like this:
exec:
command: aws
args:
- --region
- us-east-2
- eks
- get-token
- --cluster-name
- my-cluster
exec:
command: aws-vault
args:
- exec
- --region
- us-east-2
- my-vault-profile
- --
- aws
# likely not required, but I'm including it for "coding in a textarea" :-)
- --region
- us-east-2
- eks
- get-token
- --cluster-name
- my-clustercrschnick
Yeah, I think something like that will be properly supported once I get around to implementing an aws integration in the future
spacepotato
[dead]
gbraad
> connections to those systems are only possible starting from the professional plan: Red Hat Enterprise Linux systems, etc
/me blinks. An OS is an OS... so, access to developer licenses for these are Professional use too?
> connections to those systems are only possible starting from the homelab plan: Oracle Linux systems
/me blinks even more ...
crschnick
That is implemented under the assumption that these distros are most of the time used in enterprise contexts. I know that this is not always the case, there is the option to upgrade to a license at no cost to the next tier if you’re only using it for personal use. Just send me an email I can upgrade it for you.
fru654
> That is implemented under the assumption that these distros are most of the time used in enterprise contexts.
I've been using OEL since before Rocky was a thing. It was and still is a free alternative to RHEL.
Apart from that, all my planned use of XPipe fits entirely in the Community feature set (maybe apart from Yubikey/GPG agent).
But now I'd need to pay $5 a month just to open a shell? No thanks.
Also, a slight tangent, but charging homelab folks $5/mo is weird. The only profit I'm making with my homelab is negative. And I, as a developer, would much more likely to ask my employer to buy an enterprise license if I actually liked using it at home. Like Tailscale, JetBrains, etc.
crschnick
Considering the costs of a more serious homelab, I think paying $5 a month for a tool that can save you some time and effort, can be reasonable. Of course only if you see the value for yourself. That value comes from more features than just the shell opener, that is only a part of XPipe.
The community version is pretty extensive in what you can do with it, so I think you can accurately judge whether the homelab plan is worth it for you by using it for a bit.
rdslw
Can you expand with more technical explanation how are those two points implemented:
- You can bring your shell environments / init scripts / aliases with you in a noninvasive way. I.e. you don't have to modify the remote system dotfiles, when you connect through xpipe it will set up any scripts you want to have available automatically
- You can link up your password manager with your SSH client and other connection methods that require passwords
Feel free to write here or refer to any url you recommend.
Thank you, and good luck with your product!
crschnick
- When XPipe will open a terminal connection and you have specified custom shell environments / init scripts for a certain system, it will first automatically create a temporary init script on the target system in the background, which will be run as the login script only for that terminal launch from XPipe. That way it's noninvasive and doesn't change any existing configuration on the system
- XPipe acts as an askpass program for SSH, meaning that it can listen to any password requests made from the ssh client, forward that your password manager, and reply with the password that the password manager returned. If you password manager supports the SSH-agent, XPipe can also use it to supply keys for ssh as well.
InMice
Where can I find what the "advanced ssh features" are for homelab version? Can't seem to find such details on the website right now..
Thank you for this, it looks amazing. With so many client machines, servers, raspberry pis, tunneling to home, RDP sessions etc etc these days it gets out of hand managing connections. I can't wait to try this. Thank you
crschnick
On the pricing page, you can find a feature matrix. The advanced SSH features are basically things like smartcard support, custom Pkcs#11 libraries, etc.
wkat4242
Hmm looks interesting but all my servers require openpgp (yubikey with gpg agent support) so I'd have to use the homelab tier. And I'm very adverse to subscriptions.
And I don't think it's available for my os, otherwise I'd try it. But it's ok, I have my own setups for this stuff.
crschnick
What os are you using?
And about adversity to subscriptions, note that you can also obtain lifetime licenses further down the pricing page.
wkat4242
I use BSD. But it's ok, I'm kinda happy with the setup I have. Obviously I'm not really an "out of the box" and "use it like it's meant to be used" kind of person, otherwise I definitely wouldn't have used BSD :)
And the marketshare on desktop is so tiny that there is really no value in supporting it, I understand that.
crschnick
Yeah I remember that some time ago there was an attempt to make it run on BSD by some BSD users, but that didn't work out as some dependencies like the latest JavaFX version was not available for BSD yet. That is one of the disadvantages when always switching to the latest versions
von_lohengramm
> Windows enterprise systems are only supported with at least a XPipe Professional license. You can find information about upgrading to a professional license below.
Welp. If I have to choose between XPipe and LTSC, I'm afraid LTSC is gonna win. I have no interest running a version of Windows where Windows Update will randomly decide to brick my install or better yet, add even more Candy Crushes to my start menu.
crschnick
Are you using the LTSC version on your desktop or also for some of your remote systems? I think if it's only for the desktop, I can fix that as that isn't really intended to be limited to the Professional version. Didn't really test it on an LTSC system so far, so I will look into that
von_lohengramm
On my desktop, but I am trying to access it "remotely" from the same machine. I have a Linux host and an LTSC KVM guest with GPU passthrough so I can cleanly isolate (and more easily reproduce) my Windows environment. Currently, I just use VSCode's Remote SSH to develop in Windows, but it leaves much to be desired.
crschnick
Ah I see. The reason it complains now is that the LTSC systems are called Windows Enterprise LTSC, didn't even know that they fell under the Windows Enterprise category.
You can run XPipe on a local LTSC installation, you just can't connect to one remotely because it thinks that you are connecting to a Windows Enterprise server. I will think about how to solve this the best way, because that wasn't on my radar
axkdev
Hi! Looks like a very interesting tool, as a stubborn cli-only user, I was pleased that there is cli version of this alongside the GUI verison. However, trying to look into the documentation of the cli has left me with a 404 page. https://docs.xpipe.io/cli/man
crschnick
Whoops, it seems like some links were not updated yet. That should be just https://docs.xpipe.io/cli
To preface that, the CLI is only very basic. The only real thing you can do with it is launch shell connections. For more advanced usage without the GUI, there is for example the Python API: https://docs.xpipe.io/guide/python-api
whistl034
The ARM Mac version crashes instantly upon launch with a window reporting a broken pipe error, and attempts to 'report and send diagnostics' gets the same problem.
Well, I tried to try it. I guess I'll just bookmark it and try again at a later date.
crschnick
On macOS there are still a few reliability problems, mostly caused by misbehaving zsh extensions that I have to work around. I replied to your issue report, I think this should be fixable.
npodbielski
Nice. Just add remote desktop and vnc and it would be nice alternative to remmina.
crschnick
The goal of XPipe is to be connection hub that brings together your tools, not really replace them. For example with RDP and remmina, XPipe has an integration for remmina to launch RDP connections directly, making it easier for you to quickly boot into RDP sessions. Especially when you combine it with the automatic SSH tunneling functionality for RDP that is also included.
For VNC, as the a landscape of tools to integrate is a little bit less populated compared to RDP, XPipe has a built-in VNC client. However, if you still want to use your own VNC client, you can do so using the service tunnel functionality.
npodbielski
Very nice then. I looked through the page and did not saw anywhere mention of any remote desktop technology, but I also did not looked thorough enough.
Will try it to see how this work.
Get the top HN stories in your inbox every day.
Hey HN, I built XPipe as I always wanted to have an easy file system and terminal access to all of my remote systems, including containers, virtual machines, clusters, and more that you normally can't connect to with existing solutions out of the box.
XPipe is a new type of connection hub that allows you to access your entire server infrastructure from your local desktop. It can make your life easier when working with any kind of servers by eliminating all the commonly tedious tasks that come up when interacting with remote systems, either from the terminal or from a graphical interface. XPipe comes with integrations for SSH, docker and other containers, various hypervisors like Proxmox, Kubernetes clusters, tools like Teleport and Tailscale, and more without requiring any setup on your remote systems. You can link your favourite text/code editors, terminals, password managers, shells, command-line tools, and more with it, allowing you to keep using your own favourite tools when working with XPipe.
The entire implementation of how it communicates with remote systems is completely different from most other solutions out there. What happens in the background can essentially be explained this way: It launches a local shell process like cmd or bash and executes a command that opens a remote shell connection such as ssh user@host in that shell process. All communication is then done through the stdin/stdout/stderr of that shell process. From there, it detects what kind of server and environment, such as shell type, os, user, etc. you have logged into and adjusts how it talks to the remote system. By then using, for example, file system related commands such as ls, rm, touch, etc. and its equivalents, it can realize a functional file manager that can connect to essentially every system.
It is essentially the same idea as emacs TRAMP mode if you have ever used that. With the difference being that it works on all kinds of systems and is also not constrained to a certain editor/tool environment. VSCode also uses a similar approach for some of the remote development tools with SSH, but that one is more limited in scope and is a little bit sluggish to use. And it's also bound to the VSCode platform. The goal of XPipe's implementation is to not be limited by a certain environment or specific set of tools.
The development took a while as this new approach requires a completely new implementation in many areas, but I am confident that it's ready now. I appreciate any kind of feedback from you to guide me in the right development direction from here.
Enjoy!