o ;i @sdZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l mZdd lmZmZmZmZed d Gd ddZedddddedededeedeef ddZe eZdS)z=Client for Modal relay servers, allowing users to expose TLS.) AsyncIterator) dataclass)Optional)asynccontextmanager)api_pb2)synchronize_api)_Client)AlreadyExistsError InvalidError RemoteError ServiceErrorT)frozenc@sxeZdZUdZeed<eed<eed<eed<edefddZede eeffd d Z ede eeffd d Z d S)TunnelzA port forwarded from within a running Modal container. Created by `modal.forward()`. **Important:** This is an experimental API which may change in the future. hostportunencrypted_hostunencrypted_portreturncCs*d|j}|jdkr|d|j7}|S)z/Get the public HTTPS URL of the forwarded port.zhttps://i:rr)selfvaluerA/home/ubuntu/.local/lib/python3.10/site-packages/modal/_tunnel.pyurls  z Tunnel.urlcCs |j|jfS)z2Get the public TLS socket as a (host, port) tuple.rrrrr tls_socket%s zTunnel.tls_socketcCs|jstd|j|jfS)z2Get the public TCP socket as a (host, port) tuple.z_This tunnel is not configured for unencrypted TCP. Please use `forward(..., unencrypted=True)`.)rr rrrrr tcp_socket*s  zTunnel.tcp_socketN) __name__ __module__ __qualname____doc__str__annotations__intpropertyrtuplerrrrrrrs rFN) unencrypted h2_enabledclientrr(r)r*rc Cs@t|ts td||dks|dkrtd||r$|r$td|s-tIdH}|jtjkr7td|r print("TCP tunnel listening at:", tunnel.tcp_socket) run_echo_server(8000) ``` **SSH example:** This assumes you have a rsa keypair in `~/.ssh/id_rsa{.pub}`, this is a bare-bones example letting you SSH into a Modal container. ```python import subprocess import time import modal app = modal.App() image = ( modal.Image.debian_slim() .apt_install("openssh-server") .run_commands("mkdir /run/sshd") .add_local_file("~/.ssh/id_rsa.pub", "/root/.ssh/authorized_keys", copy=True) ) @app.function(image=image, timeout=3600) def some_function(): subprocess.Popen(["/usr/sbin/sshd", "-D", "-e"]) with modal.forward(port=22, unencrypted=True) as tunnel: hostname, port = tunnel.tcp_socket connection_cmd = f'ssh -p {port} root@{hostname}' print(f"ssh into container using: {connection_cmd}") time.sleep(3600) # keep alive for 1 hour or until killed ``` If you intend to use this more generally, a suggestion is to put the subprocess and port forwarding code in an `@enter` lifecycle method of an @app.cls, to only make a single ssh server and port for each container (and not one for each input to the function). z(The port argument should be an int, not rizInvalid port number z(H2 can only be used with encrypted portsNz4Forwarding ports only works inside a Modal container)rr( tunnel_typezPort z is already forwardedzRelay server is unavailable)r) isinstancer%r r from_env client_typerCLIENT_TYPE_CONTAINERTUNNEL_TYPE_H2TUNNEL_TYPE_UNSPECIFIEDstub TunnelStartTunnelStartRequestr r r rrrrr TunnelStopTunnelStopRequest)rr(r)r*r+responseexcrrr_forward4s4 v  :r9)r"collections.abcr dataclassesrtypingrsynchronicity.async_wrapr modal_protor_utils.async_utilsrr*r exceptionr r r r rr%boolr9forwardrrrrs4       "