Jetty ConnectHandler with Upstream Proxy - ssl

I am using Jetty's ConnectHandler to proxy SSL via CONNECT.
Now I'd like to configure the ConnectHandler to forward requests to another proxy which will handle the CONNECT for me.
Is there a way to configure the ConnectHandler to do this?
I checked the ConnectHandler source code but couldn't find a way to do this.

Related

Proxy passing setup for stomp over websocket on apache 2.4

I want to map a domain to my Spring WebSocket application deployed on a server (Tomcat) on port 8090.
I need to access my application through proxy passing with Apache 2.4 installed on CentOS.
The application (.war file) is being accessed from a client built on React, and this client is on another server.
I followed each step of the article below, but it is not working in my case.
I am getting the error below:
WebSocket connection to 'ws://xyz/abc/greeting/251/lcnlhdwc/websocket' failed: Error during WebSocket handshake: Unexpected response code: 400
Please help me.
WebSockets and Apache proxy : how to configure mod_proxy_wstunnel?

Python3 ssl wrap_socket on a socks5 socket [duplicate]

I'm trying to use Tor, socksipy and ssl to proxy an SSL connection. My client looks like this:
import socks, ssl

s = socks.socksocket()
s.setproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", 9050)  # Tor's default SOCKS port
# TLS wrap first, connect afterwards (the ordering discussed below)
ssl_sock = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
ssl_sock.connect(('127.0.0.1', 443))
The server just accepts connections and prints getpeername.
The peer name is always 127.0.0.1. It doesn't even matter if I give it a non-valid proxy. The client won't complain, it will connect anyway.
How do I make it connect through the proxy?
I managed to figure it out so I will leave the answer here for future reference.
The first problem was that I tried to connect to 127.0.0.1. As the request was proxied, the proxy would try to connect to 127.0.0.1, so it would try to connect to itself, not to me.
I had to configure my router to forward requests on port 443 to my laptop, and then I replaced 127.0.0.1 with my router's IP.
After that was out of the way, I found out that socksipy doesn't play very well with ssl.
I had to call connect on the socket before wrapping it, otherwise I'd get a handshake failure. The code became:
import socks, ssl

s = socks.socksocket()
s.setproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", 9050)
s.connect(('127.0.0.1', 443))  # the SOCKS handshake happens here, on the plain socket
# then TLS over the established tunnel
# (ssl.wrap_socket was deprecated in Python 3.7 and removed in 3.12;
#  newer code uses ssl.SSLContext.wrap_socket)
ssl_sock = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
After that, everything was working fine.
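The exchange behind the fix above, as an added example that is not the original poster's code and uses only the standard library rather than socksipy: a SOCKS5 CONNECT negotiation (RFC 1928) carried out on an already-connected socket, with TLS started only after the proxy has confirmed the tunnel. Wrapping before the CONNECT means the TLS ClientHello goes to the proxy, which is the handshake failure the answer describes. The scripted proxy stand-in, the name example.onion and the 10.0.0.1:40000 bound address are constructed for the demo. Unlike the page's wrap_socket call, the TLS step uses a default context with server_hostname, so the certificate is actually checked against the destination, not the proxy.

```python
import socket
import ssl
import struct
import threading

# RFC 1928 constants
SOCKS_VERSION, NO_AUTH, CMD_CONNECT = 0x05, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def recv_exact(sock, n):
    """Read exactly n bytes or raise; recv() may legitimately return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-handshake")
        buf += chunk
    return buf


def socks5_connect(sock, host, port):
    """Negotiate a SOCKS5 CONNECT to host:port over an already-connected socket.

    The destination is sent as a domain name (ATYP 0x03), so the proxy resolves
    it. With Tor that keeps DNS off the local network and is what makes .onion
    names work at all. Returns the (host, port) the proxy reports it bound;
    raises ConnectionError if the proxy refuses.
    """
    sock.sendall(bytes([SOCKS_VERSION, 1, NO_AUTH]))        # greeting: one method offered
    ver, method = recv_exact(sock, 2)
    if ver != SOCKS_VERSION or method != NO_AUTH:
        raise ConnectionError(f"method selection rejected: {ver:#x} {method:#x}")

    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname longer than SOCKS5 allows")
    sock.sendall(bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
                 + name + struct.pack("!H", port))

    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != SOCKS_VERSION or rep != 0x00:
        raise ConnectionError(f"bad CONNECT reply: version {ver:#x}, code {rep:#x}")
    if atyp == ATYP_IPV4:
        bound = socket.inet_ntop(socket.AF_INET, recv_exact(sock, 4))
    elif atyp == ATYP_IPV6:
        bound = socket.inet_ntop(socket.AF_INET6, recv_exact(sock, 16))
    elif atyp == ATYP_DOMAIN:
        bound = recv_exact(sock, recv_exact(sock, 1)[0]).decode("idna")
    else:
        raise ConnectionError(f"unknown address type {atyp:#x} in reply")
    (bound_port,) = struct.unpack("!H", recv_exact(sock, 2))
    return bound, bound_port


def tls_via_socks5(proxy_addr, host, port=443):
    """The order the answer arrived at: TCP to the proxy, SOCKS5 CONNECT, then TLS.

    server_hostname makes the default context verify the certificate against
    the real target. Needs a reachable proxy, so the demo below does not call it.
    """
    sock = socket.create_connection(proxy_addr, timeout=10)
    socks5_connect(sock, host, port)
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)


def fake_socks5_proxy(sock, log):
    """Scripted proxy stand-in (constructed for this demo): answers both handshake
    messages with success and records exactly what the client sent."""
    greeting = recv_exact(sock, 2)
    log["greeting"] = greeting + recv_exact(sock, greeting[1])
    sock.sendall(bytes([SOCKS_VERSION, NO_AUTH]))
    head = recv_exact(sock, 5)                              # ver, cmd, rsv, atyp, name length
    log["request"] = head + recv_exact(sock, head[4] + 2)   # name + port
    # Success reply claiming to have bound 10.0.0.1:40000 (made-up values).
    sock.sendall(bytes([SOCKS_VERSION, 0x00, 0x00, ATYP_IPV4])
                 + socket.inet_aton("10.0.0.1") + struct.pack("!H", 40000))


def run_demo(host="example.onion", port=443):
    """Run the CONNECT negotiation against the scripted proxy over a socketpair."""
    client, proxy = socket.socketpair()
    client.settimeout(5)
    log = {}
    worker = threading.Thread(target=fake_socks5_proxy, args=(proxy, log))
    worker.start()
    try:
        bound = socks5_connect(client, host, port)
    finally:
        worker.join(timeout=5)
        client.close()
        proxy.close()
    return bound, log


if __name__ == "__main__":
    print(run_demo())
```

The recorded request shows why the poster's first attempt could not work as intended: the destination address travels inside the SOCKS request to the proxy, so "127.0.0.1" is interpreted on the proxy's side of the tunnel.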

Thunderpush : how can we add ssl support

How do I add SSL support to the Thunderpush WebSocket server? I was looking in their docs but did not find any answer on how to add the certificate file to the server.
Not sure how we can achieve it.
Never tried it, but I guess you can use HAProxy with an SSL-termination setup. HAProxy will accept SSL traffic and forward it to the non-SSL Thunderpush backend.
Regards,
Vangelis

How to setup SSL bumping for content adaptation

I need to setup a reverse proxy which intercepts HTTPS requests, decrypts them, performs body adaptation and finally forwards the re-encrypted request.
I'm now using Squid which provides support for eCAP plugins and ssl bumping: http://wiki.squid-cache.org/Features/SslBump
If I understood correctly, by configuring SSL bumping I can do exactly what I described above. However, SSL bumping is not working for now.
Here is my Squid configuration:
https_port 8080 cert=/etc/squid/cert.pem key=/etc/squid/key.pem
http_port 3128 ssl-bump cert=/etc/squid/cert.pem key=/etc/squid/key.pem dynamic_cert_mem_cache_size=4MB generate-host-certificates=on
cache_peer 52.170.25.214 parent 8080 0 no-query originserver login=PASS
#always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
Client-side, when trying to send a request to https://127.0.0.1:8080 I'm getting the following error:
Connection reset by peer
This happens if the destination server is running HTTPS. It looks like Squid is trying to establish a plain HTTP connection instead of an HTTPS request. Indeed, server-side I'm getting an SSL23_GET_CLIENT_HELLO error.
Is there anything wrong in my configuration? Is there anything I missed in how SSL bump works?
I dug into the problem and here is what I found:
1) the ssl-bump option is not needed
2) the problem was that the ssl option was missing at the end of the following line
cache_peer 52.170.25.214 parent 8080 0 no-query originserver login=PASS ssl
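The corrected reverse-proxy configuration that the answer describes, as an added example (not the original poster's file). It keeps the poster's directives and adds the one thing a practitioner would want on top of the fix: verification of the origin server's certificate on the cache_peer line, using Squid 3.x syntax to match the sslproxy_flags directive above. The CA file path and the peer name are assumptions for illustration. ssl-bump is left off because, in this setup, clients connect to https_port and Squid is the TLS server they intended to reach; bumping exists to intercept CONNECT tunnels on a forward proxy, which is not the situation here, and with it gone the ssl_bump line has nothing to act on.

```squid
# Clients terminate TLS here; Squid presents its own certificate.
https_port 8080 cert=/etc/squid/cert.pem key=/etc/squid/key.pem

# A plain http_port is enough for the reverse-proxy case. ssl-bump and
# generate-host-certificates are forward-proxy interception features and
# are not needed here (the original had no http_access rules either; add them
# before exposing this port).
http_port 3128

# The fix from the answer: "ssl" makes Squid speak TLS to the origin.
# sslcafile= and ssldomain= (assumed path and name) make it verify the origin's
# certificate against a known CA and an expected name, instead of trusting
# whatever answers on 52.170.25.214:8080.
cache_peer 52.170.25.214 parent 8080 0 no-query originserver login=PASS ssl sslcafile=/etc/squid/origin-ca.pem ssldomain=origin.example.com

# Deliberately not carried over from the original:
#   sslproxy_cert_error allow all
#   sslproxy_flags DONT_VERIFY_PEER
# Both tell Squid to ignore server certificate errors, so anyone able to
# redirect traffic between Squid and the origin could read and alter the
# "re-encrypted" requests. They are debugging aids, not production settings.
```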

Python twisted proxyclient cascade / upstream to squid

I would like to run a small http proxy server on my machine which sends all requests to an upstream / cascading proxy server.
Twisted Web HTTP Proxy -> Squid -> Internet connection
Unfortunately I cannot figure out how to send all ProxyClient requests upstream / cascade them to Squid. Could you give me a hint?
Do I have to use reactor.connectTCP and HttpClientFactory for this and somehow direct the Squid response through?
I have used the following Twisted code sample to get the twisted http proxy up:
from twisted.web import proxy, http
from twisted.internet import reactor
from twisted.python import log
import sys

log.startLogging(sys.stdout)

class ProxyFactory(http.HTTPFactory):
    protocol = proxy.Proxy

reactor.listenTCP(8080, ProxyFactory())
reactor.run()
Thanks,
Mathias
I think you're overcomplicating things. To me, it sounds like what you want to do is round-robin load balance HTTP proxy requests between two Squid services.
If it was me, I wouldn't write a byte of code and use something off the shelf.
I'd use HA-Proxy with a configuration something like this:
global
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend loadbal
    bind *:3128
    default_backend squids
    option http_proxy

backend squids
    option http_proxy
    server squid1 192.168.1.2:3128
    server squid2 192.168.1.3:3128
    balance roundrobin
You might need to do some playing around; some web services may require certain types of stickiness, but this application is highly configurable in this regard. It looks like HA-Proxy v1.4 supports keep-alive connections, which may simplify some of the corner cases I can imagine.
Oh, also, if you're trying to get the most out of your two connections, I'd suggest that you configure ICP between your two squid boxes.
This sounds like something twisted.web.proxy.ReverseProxyResource might be good for.
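What the question actually asks for, a proxy that cascades every request to an upstream proxy, as an added example that is none of the thread's own code: it uses the standard library's http.server instead of Twisted so that it runs stand-alone, and the upstream Squid is replaced by a recording stand-in constructed for the demo (example.test is a made-up host). The mechanism is the same whatever the framework: a forward-proxy client already sends the absolute URI in the request line, so cascading means re-sending that request line and the end-to-end headers to the next proxy instead of opening a connection to the origin. It handles plain HTTP only; CONNECT tunnels for HTTPS, which the Jetty question at the top of the page is about, would additionally require sending a CONNECT to the upstream and splicing the two sockets, and are not shown.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Hop-by-hop headers describe this connection only and must not be relayed.
# Proxy-Authorization is deliberately in the set: it authenticates the client
# to *this* proxy; the upstream proxy gets its own credentials, if it needs any.
HOP_BY_HOP = {
    "connection", "proxy-connection", "keep-alive", "te", "trailers",
    "transfer-encoding", "upgrade", "proxy-authorization",
}


class CascadingProxyHandler(BaseHTTPRequestHandler):
    """Forward proxy that hands every request to an upstream proxy.

    Request bodies must carry Content-Length (chunked uploads are not handled)
    and CONNECT is not implemented; both are out of scope for the demo.
    """
    protocol_version = "HTTP/1.1"
    upstream = ("127.0.0.1", 3128)      # placeholder; make_proxy() sets the real one

    def relay(self):
        # A forward-proxy request line carries the absolute URI. Anything else
        # would be forwarded as a request *to* the upstream proxy itself.
        if not self.path.lower().startswith("http://"):
            self.send_error(400, "forward proxy expects an absolute URI")
            return
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else None
        headers = {k: v for k, v in self.headers.items() if k.lower() not in HOP_BY_HOP}

        up = http.client.HTTPConnection(*self.upstream, timeout=5)
        up.request(self.command, self.path, body=body, headers=headers)  # URI re-sent as-is
        resp = up.getresponse()
        data = resp.read()
        up.close()

        self.send_response(resp.status, resp.reason)
        for k, v in resp.getheaders():
            if k.lower() not in HOP_BY_HOP and k.lower() != "content-length":
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.send_header("Connection", "close")
        self.end_headers()
        self.wfile.write(data)

    do_GET = do_POST = do_PUT = do_DELETE = do_HEAD = relay

    def log_message(self, *args):       # keep the demo quiet
        pass


class RecordingUpstream(BaseHTTPRequestHandler):
    """Stand-in for the upstream proxy (constructed for the demo): records the
    request line and Host header it receives and answers with a fixed body."""
    seen = []

    def do_GET(self):
        RecordingUpstream.seen.append((self.path, self.headers.get("Host")))
        payload = b"answered by upstream for " + self.path.encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):
        pass


def serve_in_background(server):
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1]


def make_proxy(upstream_host, upstream_port):
    class Handler(CascadingProxyHandler):
        upstream = (upstream_host, upstream_port)
    return ThreadingHTTPServer(("127.0.0.1", 0), Handler)


def run_demo():
    """client -> cascading proxy -> recording upstream; returns what each side saw."""
    upstream = ThreadingHTTPServer(("127.0.0.1", 0), RecordingUpstream)
    proxy = make_proxy("127.0.0.1", serve_in_background(upstream))
    proxy_port = serve_in_background(proxy)
    try:
        client = http.client.HTTPConnection("127.0.0.1", proxy_port, timeout=5)
        # Absolute-form request line, exactly what a browser sends to a forward proxy.
        client.request("GET", "http://example.test/resource")
        resp = client.getresponse()
        status, body = resp.status, resp.read()
        client.close()
    finally:
        for srv in (proxy, upstream):
            srv.shutdown()
            srv.server_close()
    return status, body, list(RecordingUpstream.seen)


if __name__ == "__main__":
    print(run_demo())
```

The upstream sees the same absolute URI and Host header the client sent, which is the whole trick; with Twisted the equivalent change is to open the outbound connection to the upstream proxy's address and keep the request line as received instead of rewriting it to origin form.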