Force homebrew to use only https mirrors - https

I don't know if it is even possible but it would be nice to allow downloads only through https.
For example, there are Jenkins mirrors that use http or https. I want homebrew to pick up only the last one

Related

Easy reverse proxy for serving images over ssl

I created a simple web-based email client like gmail. I want to display images, but in order to do it with my ssl site, I need all images served over ssl (otherwise I get "mixed-content" warnings). So I need a reverse proxy like gmail has to serve those images.
I will rewrite all image urls in the email to point at the reverse proxy. For example:
My reverse proxy is https://myreverseproxy.com
original image url http://stuff.com/image1.jpg
I will rewrite the url to be https://myreverseproxy.com?image-url=http://stuff.com/image1.jpg
When the reverse proxy gets the request "https://myreverseproxy.com?image-url=http://stuff.com/image1.jpg" it will get the original image from the query parameter image-url (http://stuff.com/image1.jpg), fetch the image, and return it to the requester of https://myreverseproxy.com?image-url=http://stuff.com/image1.jpg.
Are there any services that do this out of the box? Could I write one that's simple? Are there any libraries or solutions already for this that I could just install somewhere?
I'm open to any language and any platform...I just want this issue resolved.
I would suggest the same thing as Tudor: a proxy written in node.
However, I would advise using a more broadly used and tested library such as node-http-proxy. It is really simple to set up, and will achieve what you need in less than 20 lines of code.
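    var fs = require('fs');
    var httpProxy = require('http-proxy');

    // Terminate TLS on port 443 and forward every request to the plain-HTTP origin.
    httpProxy.createServer({
        target: {
            host: 'stuff.com',
            port: 80
        },
        ssl: {
            // Private key and certificate for the proxy's own hostname
            key: fs.readFileSync('./ssl-key.pem', 'utf8'),
            cert: fs.readFileSync('./ssl-cert.pem', 'utf8')
        }
    }).listen(443);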
If a client then accesses https://reverseproxy.com/image.png, the process would go as follows
I have assumed in this schema that the reverse proxy runs on a different server as the webserver serving the images, but this does not have to be the case. If they both run on the same server, just use host: 'localhost' in the target section.
--
Just in case you are not familiar with Node, here's what you need to do in order to quickly run this setup.
Install Node
Create a new file containing the code in yourprojectpath/index.js
Generate a package.json file by running npm init in your project's directory
Run npm install --save http-proxy to install the http-proxy library and be able to use it in the code
You should now be able to run the reverse proxy by running
node index.js
If you are planning on using this in production, I highly recommend you take a look at PM2. It is a process manager for node which basically ensures that your application is always running, no matter what. In particular, it will restart it if any kind of exception is thrown from the application and would have caused it to terminate.
Installation:
npm install -g pm2
Usage:
pm2 start index.js
A few more notes:
- make sure that your .pem files have appropriate permissions and owner. chmod 400 is usually a good option (only readable by owner). The user running the Node application should be able to read them, though.
- if your server runs behind a (software or hardware) firewall, you may need to open your port 443 to incoming traffic
- depending on your SSL certificate provider, you might need to convert the files it will provide you to the PEM format
- if needed, node-http-proxy supports additional options such as adding headers when a request is proxied
- the script I presented above assumes you have ssl-key.pem and ssl-cert.pem in the same directory as it
Hope that helps! And just ask if something looks unclear to you
Here's how to create self-signed certificates, if you don't have any
Nodejitsu docs
Now for the code, which is written in node.js:
HTTPS proxy
...and a screenshot :)
It can be done easily with nginx. Btw, it can be done like you ask and it is also possible to make urls exact same like origin url. For example cdn.xxx.com/img.jpg - www.xxx.com/img.jpg.
Richard, you can resolve the issue of mixed content easily by enabling CORS in the nginx config file; here is an example: http://enable-cors.org/server_nginx.html. In this it is allowing CORS for everyone; you can set it for a particular domain or IP, you need to look in more details.
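Added example, not taken from any of the posts above: the question's design passes the origin address in an image-url query parameter, so the proxy should refuse requests the mail client did not generate and destinations that are not ordinary web hosts. The sig parameter, the KEY value and the function names are assumptions made for this sketch.

```javascript
const crypto = require('crypto');
const net = require('net');

const PROXY = 'https://myreverseproxy.com/'; // proxy address used in the question
const KEY = 'constructed-demo-key'; // assumption: secret shared by mail client and proxy

// Literal addresses the proxy must never fetch from (loopback, private, link-local).
const blocked = new net.BlockList();
for (const [prefix, bits] of [['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8],
    ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16]]) {
  blocked.addSubnet(prefix, bits, 'ipv4');
}
blocked.addAddress('::1', 'ipv6');
blocked.addSubnet('fc00::', 7, 'ipv6');
blocked.addSubnet('fe80::', 10, 'ipv6');

function mac(url) {
  return crypto.createHmac('sha256', KEY).update(url).digest('hex');
}

// Mail client side: rewrite an <img> source so it goes through the proxy.
function rewriteImageUrl(original) {
  const q = new URLSearchParams({ 'image-url': original, sig: mac(original) });
  return PROXY + '?' + q.toString();
}

// Proxy side: returns the URL to fetch, or null when the request is refused.
function checkProxyRequest(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const target = params.get('image-url') || '';
  const sig = Buffer.from(params.get('sig') || '', 'hex');
  const expected = Buffer.from(mac(target), 'hex');
  // Only URLs signed by the mail client are served, so this is not an open proxy.
  if (sig.length !== expected.length || !crypto.timingSafeEqual(sig, expected)) return null;
  let u;
  try { u = new URL(target); } catch (e) { return null; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  if (u.username || u.password) return null;
  // The URL parser has already normalised numeric host forms to dotted IPv4.
  const host = u.hostname.replace(/^\[|\]$/g, ''); // strip IPv6 brackets
  if (host === 'localhost' || host.endsWith('.localhost')) return null;
  const family = net.isIP(host); // 0 means a DNS name
  if (family && blocked.check(host, family === 4 ? 'ipv4' : 'ipv6')) return null;
  return u.href;
}
```

The address check here covers literal IPs only; a proxy built on it has to apply the same check to the address a DNS name resolves to before connecting.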

Configure perforce to use proxy server

As the title says, I need to configure perforce to use a proxy server. To clarify, I am not talking about using Perforce Proxy, but to actually connect to the perforce server (in this case perforce.assembla.com:1666) through a proxy.
Looks like you need a SOCKS proxy.
There are plenty of open source solutions depending on the platform you are using. https://wiki.debian.org/SOCKS
The only way I've found so far to do this is by installing extra software that forces perforce to use a socks proxy.
1) you set up whatever proxy you want to use
2) you install AllProxy
3) Add your proxy to the proxy list
4) In Manage Rules add a rule.
- On Proxy choose your proxy
- On programs add perforce. Search for p4v.exe (or whatever) (it's easier if perforce is already running).
- On remote destination specify the port, or leave to any.
Then use perforce as normal.
Note: there's a default route that goes direct (not using proxy).
Also for HTTP proxy you can set it globally under Windows Proxy settings (on Win10), or use AllProxy.
Note2: This info is based on this answer.
Note3: AllProxy is the only listed soft that worked for me. You could still try the longer route.

How do I run Diaspora without SSL

I want to run diaspora without ssl in my home based webserver in production mode. How can I do that? Are there any switches/options that I can turn off?
Yes, you can just set require_ssl to false in your config/diaspora.yml. Then restart Diaspora and make sure to clear your browser's cache, since redirects are cached by most browsers.
If you're using a reverse proxy also make sure you don't blindly follow the example configurations Diaspora provides, they do redirect from HTTP to HTTPS.
However we strongly recommend to not do that, you can get a free certificate from startssl.com.

A script that downloads a file and renames it

I'm facing a little issue here. At the place I live, they shape the download speed by extension (using delaypool). Is there any script that I can run on my web that will let me enter the URL of files that I want to download, then download the file, rename it to "originalfilename.abc" (because .abc is not shaped), and save it on my web where I can download it? By the way, I have a paid webhosting service.
Thanks
I tried the SSH (my web hosting does indeed provide me with shell access) but all I get is a blank page in my browser. No error. Please advise.
Also, the reason I chose a script on the server instead of SSH is because I thought that SSH would be slower than direct HTTP download from my webserver. Can anyone point out if I'm right or wrong with my thinking?
Thanks
You can write a vbs script or even batch file script that will go to a designated URL, and then download the file, then rename it. Then you can script FTP commands to upload to your webhosting service (I'm sure it has an FTP site for access). You could load this as a scheduled task, or run it manually.
I'd do either one of these routes.
A simpler (once it's set up anyway ;) option I can think of is going through a secure tunnel. Whilst this is not quite answering your question I believe this to be simpler while achieving the same thing.
Get an SSH Client (Putty) and get a free Proxy. If your web-server has an SSH-server you can use it as Proxy as well of course, I am using my modified router at home as proxy via DynDns, but the Tor-Network will work, if very slow, so do other official free and paid proxy servers. If you are using an application to download that does not have the option to specify a proxy, get Proxifier Portable.
Use Putty to create the tunnel. Here some how-tos:
http://oldsite.precedence.co.uk/nc/putty.html
http://www.techrepublic.com/blog/security/use-putty-as-a-secure-proxy-on-windows/421
http://kimmo.suominen.com/docs/proxy-through-ssh/
And set your application to use your proxy (or actually to use putty which connects via SSH to your proxy) by entering 127.0.0.1:1080 into the proxy settings. Alternatively, if the app does not have an option to enter proxy settings, add 127.0.0.1:1080 to your Proxifier proxy list and add the applications that are supposed to use that connection to Proxifier.
Now you can do pretty much everything without anyone eavesdropping your connection stream being able to tell what it is, as the connection stream is SSH encrypted. This includes surfing websites that your provider/company/mother has blocked, download anything - even if blocked by IP/name/whatever-filters and even play MMORPGs from work (something which I do not recommend because it will get you fired and there is always some way for someone to figure it out, just saying it is possible to do even in secured company/school networks as Port 22 (SSH) is usually one of the 2 Ports which are open on pretty much any network (the other one being port 80)).
It's a wee bit of a pain to set up. Once it is working though, you can even put it on a usb-stick and use it pretty much anywhere as long as you remember what proxy to connect to. And you won't have to rewrite scripts to try to circumvent the delaypool thingy.

Installing gems from behind a corporate firewall

I suspect that the corporate firewall is preventing gems from getting installed. I have HTTP_PROXY defined and I'm able to view remote gems via the following command:
jruby -S gem list -r
But when I go to install a gem, I get a 404:
jruby -S gem install rails
Is there a good workaround for resolving this issue other than maintaining an internal gem repository?
For ruby gems, placing this in my gem.bat works for me
@"%~dp0ruby.exe" "%~dpn0" %* --http-proxy http://domainname.ccc.com:8080
for jruby gems this works
@"%~dp0jruby.exe" "%~dpn0" %* -p http://domainname.ccc.com:8080
Also setting the environment variable works like
set http_proxy=http://domainname.ccc.com:8080
or if your proxyserver needs authentication
set http_proxy=http://user:password@host:port
EDIT: for folks who have a very restrictive firewall or no internet access (e.g. on a server) you can do the following: install the gem(s) on a PC that has free access to the internet, then check the folder C:\Ruby193\lib\ruby\gems\1.9.1\cache and copy all the gems with a last-modified date after the moment you did your install. On the target PC you copy them into the same folder, or, if you clean up afterward, into your bin folder, and start the install there with
c:\ruby193\bin\gem.bat install --local gemname-x.x.x.gem
gemname-x.x.x.gem being the gem filename of the base gem you want to install. The gem with all its dependencies should install. This is for windows, but other OS's can use the same technique, just adapt a few things.
Success
Look in Internet Explorer proxy settings to find the name of your proxy server.
Use the name of your proxy server in the -p option to the gem command.
gem update rails -p http://mylocalproxy.mycompany.com
If this doesn't work, you can always set your own proxy server up on the internet somewhere.
I'm not an expert with Ruby. Nonetheless I might give the following "generic" advice (useful for lots of situations with installers):
1. Check which protocol the installation is running over. Some installers download packages from a mirror instead of the main site, and some mirrors might be using FTP or something else instead of HTTP. Thus you might need to update your settings accordingly, and check with your admin that the corporate proxy is able to retrieve data from FTP sites.
2. Check which user the installer is running as (some installers have to escalate privileges to "root", and therefore inherit a different environment with another HTTP_PROXY defined).
3. Check what the installer program is using to download the packages (lots of distribution package managers rely on curl/libcurl which stores its proxy parameters in a rc file). Same warning as 2 regarding the users whose homedir should contain the rc file.
4. Transparent proxying: it is possible to transfer on-the-fly HTTP/FTP requests initially targeting the web to a proxy. Either the corporate proxy (if it can work with such an installation) or some mini local proxy which will then cascade to the corporate one.
5. Set up a quick VPN (either Tunnel or PPP) over SSH (see SSH's man page) between your machine and a special machine within the corporation which is allowed to see the web, then update your routing tables to route traffic through the VPN.
6. You can also use corkscrew to connect through SSH (and thus be able to install a VPN over SSH like 5) with a machine outside, on the other side of the corporate firewall, like your own at home (this uses the HTTPS "CONNECT" mode of the proxy to access an SSH outside). Just make sure that the admins are, or at least one person in charge is, kept in the loop and don't panic.
7. Desperate measure: create a tunnel between two machines each running http tunnel, over a proxy which only allows HTTP requests. Then use the tunnel to establish an SSH VPN.
These solutions aren't specific to Ruby but can help you through any desperate solution behind an over-restrictive firewall.
1 to 4 should work in most situation. You'll have to resort to 5 to 7 if confronted with some bizarre and/or paranoid firewalls. 7 is rather extreme but always works, although sometimes with catastrophic performance.
Simple thing first: are you in the same shell session when you tried both the list and the install? Maybe you forget to set the env second time around?
Try setting http_proxy instead of HTTP_PROXY.
Make sure the proxy setting is a valid URL (see below)
Do you have multiple proxy options? Open IE and type wpad in the address bar. You might see some other possibilities.
Is your proxy authenticated? If so, do you have your credentials in the URL. Mine is like this (on windows):
set http_proxy=http://myuserid:mypassword@internetproxy:3128
Does your password have any punctuation characters? Try it with just numbers and letters, as : and @ (and possibly others) are significant in the URL string itself.
You can use this tool:
http://ntlmaps.sourceforge.net/
gems don't support proxy authentication, so going through a secondary proxy (like, say, YOUR machine) that does the authentication for you and lets gems think there is no authentication happening should make your life easier.
Another stupid question, but what's the corporate proxy software ? Some Windows-based software tend to used weird authentication standards (NTLM hashes, etc.) which aren't supported by all clients (wget doesn't support it, for example), but are supported by lots of browsers.
Thus even if you tried writing the username and password into the proxy URL, it won't work when you try to download and install a packages, although it works pretty well when you try to display a page in FireFox. I've had similar problems with some corporate network and my distro's package manager.
In these situation, you might use something like ntlmaps. You use it as a local proxy which will then cascade the requests to the corporate proxy. The good thing is that ntlmaps will be able to authenticate the weird NTLM password with the corporate proxy, and all your applications will be able to connect to ntlmaps, even those which don't support NTLM.
I've retested this since the gemcutter.org folks made the move to Amazon's Cloudfront and am able to download gems again through my employer's firewall.
I described a procedure to get around any restrictions of a corporate firewall in:
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
It basically uses an ssh tunnel and the program tsocks.
1. Go to the drive in which you installed ruby.
2. You will find a folder named "ruby200-x64" or something similar to it based on which version you installed.
3. Inside the folder open ...bin/
4. Find gem.bat and open it with any text editor; you will find a bunch of settings.
5. After @"%~dp0ruby.exe" "%~dpn0" %* place your proxy server address and port:
@"%~dp0ruby.exe" "%~dpn0" %* --http-proxy http://domainname.ccc.com:8080
