Piko: An Open-Source Ngrok Alternative for Production Traffic and Kubernetes
Summary
Piko is an open-source reverse proxy designed as an alternative to Ngrok. It provides secure tunneling for services not publicly routable, focusing on production readiness with fault tolerance and horizontal scaling. Piko is also optimized for simple hosting, particularly on Kubernetes.
Repository Info
Tags
Click on any tag to explore related repositories
Introduction
Piko is an open-source reverse proxy that offers a secure way to connect to services that are not publicly publicly routable, a technique known as tunneling. Designed as an alternative to Ngrok, Piko focuses on serving production traffic and simplifying hosting, especially on Kubernetes. It enables your upstream services to open outbound-only connections (tunnels) to the Piko server, which then forwards incoming traffic to your services via these established connections.
Piko's core design goals include being built for production traffic, running as a cluster of nodes for fault tolerance, horizontal scaling, and zero-downtime deployments. It is also engineered for simple hosting behind an HTTP(S) load balancer on Kubernetes, making it a robust solution for exposing services in customer networks, BYOC environments, or connecting to user devices.
Installation
To get started with Piko, please refer to the official Getting Started guide in the project's Wiki. This guide provides detailed instructions on how to set up and run Piko.
Examples
Piko allows upstream services to listen for traffic on specific endpoints. It manages routing incoming connections and requests to an upstream service listening on the target endpoint, load balancing requests if multiple upstreams are available. No static configuration is required, as upstreams can listen on any endpoint they choose.
You can open an upstream listener using the Piko agent, which supports both HTTP and TCP upstreams. For example, to listen on endpoint my-endpoint and forward traffic to localhost:3000:
# HTTP listener.
$ piko agent http my-endpoint 3000
# TCP listener.
$ piko agent tcp my-endpoint 3000
The Go SDK also allows you to listen directly from your application using a standard net.Listener.
HTTP(S) Proxying
Piko acts as a transparent HTTP(S) reverse proxy. Incoming HTTP(S) requests identify the target endpoint using either the Host header or the x-piko-endpoint header. If Piko is hosted with a wildcard domain like *.piko.example.com, a request to foo.piko.example.com will be routed to an upstream listening on endpoint foo. Alternatively, you can use the x-piko-endpoint header, for instance, x-piko-endpoint: foo, if Piko is hosted at a fixed domain like piko.example.com.
TCP Proxying
Piko supports proxying TCP traffic. For TCP, you typically use either Piko forward or the Go SDK to map a local TCP port to the target endpoint. Piko forward listens on a local TCP port and forwards connections to the configured upstream endpoint via the Piko server.
For example, to listen on port 3000 and forward connections to endpoint my-endpoint:
piko forward 3000 my-endpoint
Unlike HTTP, raw TCP connections do not inherently identify the target endpoint, necessitating the use of Piko forward or the Go SDK to establish the connection to the correct endpoint.
Why Use Piko?
Piko stands out as a powerful open-source solution for secure tunneling and reverse proxying, offering a compelling alternative to services like Ngrok. Its key advantages include:
- Production Readiness: Built to handle production traffic, Piko servers can run as a cluster of nodes, providing fault tolerance, horizontal scaling, and support for zero-downtime deployments. It includes observability features like a Prometheus endpoint, access logging, and a status API.
- Simple Kubernetes Hosting: Piko is designed for easy deployment on Kubernetes, supporting StatefulSets, gradual rollouts, and integration with HTTP load balancers or Kubernetes Gateways. This simplifies managing and scaling your tunneling infrastructure.
- Flexible Tunneling: It allows services to run anywhere as long as they can open an outbound connection to the Piko server, eliminating the need for public routes to your upstream services.
- Dynamic Endpoint Management: Upstreams can dynamically listen on any endpoint without static configuration, providing flexibility and ease of use.
Links
- GitHub Repository: https://github.com/andydunstall/piko
- Wiki (Documentation): https://github.com/andydunstall/piko/wiki/
- Discussions: https://github.com/andydunstall/piko/discussions
- Contributing: https://github.com/andydunstall/piko/blob/main/CONTRIBUTING.md