net/http ignoring system proxy settings - go

I'm using Charles to debug HTTP requests, but it seems that Go's network stack ignores the system proxy settings (on OSX) and the requests are not logged.
How do I tell Go that the requests should use the proxy?

I just had this exact issue, and the accepted solution did NOT solve it for me. That's because my $HTTP_PROXY environment variable was not set!
I was able to solve it by setting up my environment variables as indicated here: http://www.bonusbits.com/wiki/HowTo:Setup_Charles_Proxy_on_Mac Then once the variable was set correctly, I didn't even need to apply a custom Transport to my client. It worked with the default transport.
Perhaps because I'm using a custom shell (zsh) this didn't happen automatically. However, what's interesting is that Python would correctly appear in Charles Proxy in the same shell while Go would not. Updating my .zshrc (or the config of whatever shell or profile you are using) to export the appropriate variables worked.

You can get proxy info using the ProxyFromEnvironment function. Then you create an HTTP client using a transport (represented by the RoundTripper interface) that has info about your proxy settings:
var PTransport http.RoundTripper = &http.Transport{Proxy: http.ProxyFromEnvironment}
client := http.Client{Transport: PTransport}
Then you just make the HTTP request; the transport gets the proxy info from the function passed to the Proxy struct field. Proxy info will be taken from the $HTTP_PROXY environment variable.
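The two answers above (export the variables, then use http.ProxyFromEnvironment) can be checked without a packet capture. This is an added example, not code from either answer: it builds the client from the second answer and then asks http.ProxyFromEnvironment which proxy it would choose for several targets, which shows the two things that most often make requests "disappear" from Charles. Charles's port 8888, the proxy URL and the hostname internal.example are assumed values.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
	"time"
)

// NewProxiedClient is the client from the answer above, with a timeout so a
// proxy that silently drops traffic cannot hang the caller forever.
func NewProxiedClient() *http.Client {
	return &http.Client{
		Transport: &http.Transport{Proxy: http.ProxyFromEnvironment},
		Timeout:   30 * time.Second,
	}
}

// ProxyFor reports the proxy URL that http.ProxyFromEnvironment picks for a
// GET to target. An empty string means the request goes direct and will
// therefore never show up in an intercepting proxy such as Charles.
func ProxyFor(target string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return "", err
	}
	u, err := http.ProxyFromEnvironment(req)
	if err != nil || u == nil {
		return "", err
	}
	return u.String(), nil
}

// ProxyDecisions sets HTTP_PROXY, HTTPS_PROXY and NO_PROXY for this process
// and then asks ProxyFor about each target. net/http reads these variables
// only once, on the first proxied request, so in a real program they must be
// exported before the program starts (or set before the first request).
func ProxyDecisions(proxy, noProxy string, targets []string) (map[string]string, error) {
	for k, v := range map[string]string{
		"HTTP_PROXY":  proxy,
		"HTTPS_PROXY": proxy,
		"NO_PROXY":    noProxy,
	} {
		if err := os.Setenv(k, v); err != nil {
			return nil, err
		}
	}
	out := make(map[string]string, len(targets))
	for _, t := range targets {
		p, err := ProxyFor(t)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", t, err)
		}
		out[t] = p
	}
	return out, nil
}

func main() {
	// Assumed values: Charles on 127.0.0.1:8888, and internal.example as a
	// constructed hostname that exists only to show NO_PROXY in action.
	decisions, err := ProxyDecisions("http://127.0.0.1:8888", "internal.example", []string{
		"http://example.com/",
		"https://example.com/",
		"http://internal.example/",
		"http://localhost:8080/",
		"http://127.0.0.1:8080/",
	})
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for t, p := range decisions {
		if p == "" {
			p = "(direct, bypasses the proxy)"
		}
		fmt.Printf("%-28s -> %s\n", t, p)
	}
}
```

Two results are worth knowing before blaming the transport: anything listed in NO_PROXY goes direct, and so does every request to localhost or a loopback IP, because http.ProxyFromEnvironment never proxies those. A local API under test therefore has to be reached through a non-loopback name or address if it is to appear in Charles.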

Related

Kubernetes internal hostname is resolved to localhost

I'm trying to use internal service DNS for service-to-service HTTP communication.
If I try to curl a pod from another deployment's pod it works, but I am unable to use it in a golang net/http service.
2023/01/27 15:48:37 oauth2.go:90: oauth2 url http://hydra-admin.microservices.svc.cluster.local:4445/oauth2/auth/requests/login/accept
2023/01/27 15:48:37 oauth2.go:101: Unable to make http request Put "http://localhost:4445/admin/oauth2/auth/requests/login/accept?login_challenge=b569006c8b834a298cf1cd72e2424953": dial tcp [::1]:4445: connect: connection refused
hydra-admin.microservices.svc.cluster.local is resolved to localhost when the API call is made
but curl works as you see below
/ # curl -X PUT http://hydra-admin:4445/admin/oauth2/auth/requests/login/accept?login_challenge=6f51146e49c54b739de8a37b25a72349
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Unable to decode body because: EOF"}
What am I missing here?
Per my comment, how you are building your go executable will have an effect on how it behaves within a k8s environment. Are you using a scratch image or a CGO_ENABLED=1 image?
From the dns package docs there's a caveat on DNS behavior
By default the pure Go resolver is used, because a blocked DNS request
consumes only a goroutine, while a blocked C call consumes an
operating system thread. When cgo is available, the cgo-based resolver
is used instead under a variety of conditions:
... when /etc/resolv.conf or /etc/nsswitch.conf specify the use of features
that the Go resolver does not implement, and when the name being
looked up ends in .local or is an mDNS name.
So I would suggest, to maximize your success rate for both external and internal DNS requests, building your go executable for k8s like so:
CGO_ENABLED=1 go build -tags netgo
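A small diagnostic, added here as an example and not part of the question or the answer above, that makes the symptom in the question visible at runtime instead of surfacing later as a refused connection to [::1]. It resolves the service name with the resolver the binary was built with and again with the pure Go resolver (net.Resolver{PreferGo: true}), and fails fast when a name other than localhost comes back as loopback only. The hostname is the one from the question; the 10.96.0.10 address in the test is constructed.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"os"
	"strings"
	"time"
)

// LoopbackOnly reports whether addrs is non-empty and every entry is a
// loopback address (127.0.0.0/8 or ::1).
func LoopbackOnly(addrs []net.IPAddr) bool {
	if len(addrs) == 0 {
		return false
	}
	for _, a := range addrs {
		if !a.IP.IsLoopback() {
			return false
		}
	}
	return true
}

// Classify is the pure decision behind CheckServiceName: it returns an error
// when a name other than localhost resolves to loopback only, which is the
// symptom in the question. It is kept separate from the lookup so it can be
// tested without DNS.
func Classify(host string, addrs []net.IPAddr) error {
	h := strings.TrimSuffix(strings.ToLower(host), ".")
	if len(addrs) == 0 {
		return fmt.Errorf("%s: no addresses returned", host)
	}
	if h == "localhost" || !LoopbackOnly(addrs) {
		return nil
	}
	hint := ""
	if strings.HasSuffix(h, ".local") {
		// Per the resolver docs quoted in the answer, a cgo-enabled binary hands
		// names ending in .local to the C resolver, which may treat them as mDNS.
		hint = " (name ends in .local: a cgo build may have used the C/mDNS resolver)"
	}
	return fmt.Errorf("%s resolved only to loopback %v%s", host, addrs, hint)
}

// CheckServiceName resolves host with r and refuses to hand back a loopback
// answer for a cluster-internal name, so the caller never dials ::1 by mistake.
func CheckServiceName(ctx context.Context, r *net.Resolver, host string) ([]net.IPAddr, error) {
	addrs, err := r.LookupIPAddr(ctx, host)
	if err != nil {
		return nil, err
	}
	if err := Classify(host, addrs); err != nil {
		return addrs, err
	}
	return addrs, nil
}

func main() {
	host := "hydra-admin.microservices.svc.cluster.local" // taken from the question
	if len(os.Args) > 1 {
		host = os.Args[1]
	}
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	// Compare the resolver the binary was built with against the pure Go one.
	// Running the binary with GODEBUG=netdns=2 prints which one is the default.
	for name, r := range map[string]*net.Resolver{
		"default": net.DefaultResolver,
		"pure-go": {PreferGo: true},
	} {
		addrs, err := CheckServiceName(ctx, r, host)
		fmt.Printf("%-8s %v err=%v\n", name, addrs, err)
	}
}
```

If the two resolvers disagree, the build flags are the place to look; PreferGo can only force the Go resolver, so forcing the cgo side for comparison is done with GODEBUG=netdns=cgo on the command line rather than in code.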

how to enable local bridge/httpget/task api connection to chainlink node?

I have a custom API running on http://127.0.0.1:8080 and I have my own chainlink node running on http://127.0.0.1:6688. I get the error saying "Connections to local/private and multicast networks are disabled by default for security reasons: disallowed IP" when sending requests.
I guess maybe we can enable it by modifying the env file, but I don't know which configuration I should change. Does anyone know if we can enable these local/private connections, and how to do that?
Per the chainlink docs on the http task:
allowUnrestrictedNetworkAccess (optional): permits the task to access a URL at localhost, which could present a security risk. Note that Bridge tasks allow this by default.
i.e.:
my_http_task [type="http"
method=PUT
url="http://chain.link"
requestData="{\\"foo\\": $(foo), \\"bar\\": $(bar), \\"jobID\\": 123}"
allowUnrestrictedNetworkAccess=true
]
You can also use this flag in JSON

OpenSIPS 2.4 call forbidden

I discovered OpenSIPS and all its possibilities a few days ago. I would just use it as a simple SIP proxy to get started: a proxy between my designated UAC and my UAS (Asterisk, not NATed). The goal is to use a proxy to prevent bot attacks on my UAS.
After installing OpenSIPS, I tried to configure my XLITE (NATed) by simply adding the proxy URL in the configuration. It works, I register and I can see in my UAS peers my extensions with the proxy IP. But when I make a call, I get a forbidden error. In debug mode, the log does not talk to me; I see a lot of information but nothing about this error.
I did not make any changes to the default configuration script. Is this behavior normal?
I also tried with a VM on a public IP as UAC (so not NATed), same thing.
Thank you for your help.
Olivier
Most likely, your SIP INVITE is hitting this block:
if (!is_myself("$rd")) {
send_reply("403", "Relay Forbidden");
exit;
}
What this means is that your OpenSIPS does not consider itself responsible for the domain (or IP) that your SIP UA has placed in the Request-URI and is trying to route towards. To fix this, just whitelist the Asterisk IP as a local (recognized) domain using the alias statement:
listen = udp:*:5060
alias = 1.1.1.1

How to use Google Cloud PubSub with Proxy?

I'm working with an application that interacts with Google Cloud PubSub. It works fine in normal scenario but I want to enable proxy support so I was going through Publisher.Builder and Subscriber classes and their APIs to see if there are any APIs available to enable proxy support. I managed to find only the setChannelProvider but I'm not sure whether that will work or not.
The following code snippet is what I'm thinking of using but that doesn't seem to work.
ManagedChannel channel = ManagedChannelBuilder.forAddress(proxyHost, proxyPort).build();
TransportChannelProvider channelProvider = FixedTransportChannelProvider.create(GrpcTransportChannel.create(channel));
publisherBuilder.setChannelProvider(channelProvider);
I wasn't able to successfully publish or pull messages to the cloud service. I get the following error:
java.util.concurrent.ExecutionException: io.grpc.StatusRuntimeException: DEADLINE_EXCEEDED: deadline exceeded after 9978300322ns
So I wanted to know does the PubSub service support proxy through APIs or does it only support the proxy setting i.e. host and port to be provided in the environment path only.
You can specify the proxyHost/port directly using the JVM args https.proxyHost, https.proxyPort:
mvn clean install -Dhttps.proxyHost=localhost -Dhttps.proxyPort=3128 exec:java
then just directly create a client of your choice:
TopicAdminSettings topicAdminSettings = TopicAdminSettings.newBuilder().build();
TopicAdminClient topicAdminClient = TopicAdminClient.create(topicAdminSettings);
FYI: setting ManagedChannelBuilder.forAddress() here overrides the final target for pubsub (which should be pubsub.googleapis.com 443, not the proxy).
Here is a Medium post I put together, as well as a gist specifically for pubsub and pubsub+proxy that requires basic auth headers.
Finally, just note that it's https.proxyHost even if you're using httpProxy; ref grpc#9561.
Proxy authentication via HTTP is not supported by Google Pub/Sub, but it can be configured by using GRPC_PROXY_EXP environment variable.
I found the same error that you got here (that's why I assume you are using HTTP) and it got fixed by using what I said.
You need to set JVM args: https.proxyHost, https.proxyPort
For proxy authentication an additional configuration is needed before any client creation:
import java.net.Authenticator;
import java.net.PasswordAuthentication;

// proxyUsername and proxyPassword are Strings holding the proxy credentials.
// Note: since Java 8u111 Basic auth for HTTPS tunnelling is disabled by default
// (jdk.http.auth.tunneling.disabledSchemes); clear that property if the proxy needs it.
Authenticator.setDefault(new Authenticator() {
    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        return new PasswordAuthentication(proxyUsername, proxyPassword.toCharArray());
    }
});

WMQ Client connection with SSL and mqclient.ini

I'm trying to configure an MQ client connection (using amqsgetc for the moment).
I need to use SSL to get access using channel authentication records.
It works perfectly when using a CHLTAB, but I can't find a way to do the same using mqclient.ini file.
I think I have looked all over the documentation, but do not see an option to specify the cipher spec I need, neither in the ini file itself, nor in an environment variable.
AMQERR01.log keeps telling me my client did not specify the cipher spec.
Below is the mqclient.ini I use. (the file works fine when I'm using a non-SSL channel)
CHANNELS:
DefRecon=YES
ServerConnectionParms=LAURENT_PC450_SSL/TCP/localhost(1414)
SSL:
SSLKeyRepository=C:\ProgramData\IBM\MQ\qmgrs\LAURENT_PC450\ssl\clientkey
CertificateLabel=ibmwebspheremqlaurent
SSLCipherSpec=ssl_rsa_with_3des_ede_cbc_sha
The mqclient.ini can specify the equivalent of the MQSERVER environment variable or the MQCHLLIB/MQCHLTAB environment variables.
When providing the client connection details via the MQSERVER environment variable or the mqclient.ini equivalent, you cannot specify encryption details.
To specify encryption details you can use one of the following:
Specify this programmatically using MQCONNX in the MQCD provided by ClientConnOffset and ClientConnPtr in MQCNO.
A pre-connect exit can also override or provide the details above by modifying the MQCD if present or providing an MQCD.
If an MQCD is not found, then the MQ channel table pointed to by the MQCHLLIB/MQCHLTAB environment variables, or the mqclient.ini equivalent of this, is used.