proxy Archives - Lintel Technologies Blog

how to setup apache proxy for django application

Apache HTTP Server can be configured in both a forward and reverse proxy (also known as gateway) mode.

forward proxy

An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target. The proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.

A typical usage of a forward proxy is to provide Internet access to internal clients that are otherwise restricted by a firewall. The forward proxy can also use caching (as provided by mod_cache) to reduce network usage.

The forward proxy is activated using the ProxyRequests directive. Because forward proxies allow clients to access arbitrary sites through your server and to hide their true origin, it is essential that you secure your server so that only authorized clients can access the proxy before activating a forward proxy.

reverse proxy

A reverse proxy (or gateway), by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the namespace of the reverse proxy. The reverse proxy then decides where to send those requests and returns the content as if it were itself the origin.

A typical usage of a reverse proxy is to provide Internet users access to a server that is behind a firewall. Reverse proxies can also be used to balance load among several back-end servers or to provide caching for a slower back-end server. In addition, reverse proxies can be used simply to bring several servers into the same URL space.

A reverse proxy is activated using the ProxyPass directive or the [P] flag to the RewriteRule directive. It is not necessary to turn ProxyRequests on in order to configure a reverse proxy.

django application

I am running my gunicorn application on port 8090 using following command.

/opt/venv/bin/python3.6 /opt/venv/bin/gunicorn --config /etc/controlpanel/gunicorn/controlpanel.py --pid /var/run/controlpanel.pid controlpanel.wsgi:application

static files path is /opt/controlpanel/ui-ux/static/

apache config (/etc/apache2/sites-enabled/cp.conf)

enable mod_proxy module in apache

<VirtualHost *:80>

ServerName devcontrol.lintel.com
ErrorLog /var/log/httpd/cp_error.log
CustomLog /var/log/httpd/cp_access.log combined

ProxyPreserveHost On
ProxyPass /static !
ProxyPass / http://127.0.0.1:8090/
ProxyPassReverse / http://127.0.0.1:8090/
ProxyTimeout 300

Alias /static/ /opt/controlpanel/ui-ux/static/
<Directory "/opt/controlpanel/ui-ux/static/">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

</VirtualHost>

ServerName devcontrol.lintel.com

ErrorLog /var/log/httpd/cp_error.log

CustomLog /var/log/httpd/cp_access.log combined

ProxyPreserveHost On

ProxyPass /static !

ProxyPass / http://127.0.0.1:8090/

ProxyPassReverse / http://127.0.0.1:8090/

ProxyTimeout 300

Alias /static/ /opt/controlpanel/ui-ux/static/

Options Indexes FollowSymLinks

AllowOverride None

Require all granted

</Directory>

</VirtualHost>

after deploying on Apache you can use lets encrypt to install SSL certificates.

How to setup SOCKS proxy in Linux

A SOCKS server is a general purpose proxy server that establishes a TCP connection to another server on behalf of a client, then routes all the traffic back and forth between the client and the server. It works for any kind of network protocol on any port. SOCKS Version 5 adds additional support for security and UDP.

Use of SOCKS is as a circumvention tool, allowing traffic to bypass Internet filtering to access content otherwise blocked, e.g., by governments, workplaces, schools, and country-specific web services

Using SSH

SOCKS proxies can be created without any special SOCKS proxy software if you have Open SSH installed on your server and an SSH client with dynamic tunnelling support installed on your client computer.

ssh -D 1080 user@&lt;IP Address or Domain of your Server&gt;

1 2	ssh -D 1080 user@<IP Address or Domain of your Server>

Now, enter your password and make sure to leave the Terminal window open. You have now created a SOCKS proxy at localhost:1080. Only close this window if you wish to disable your local SOCKS proxy.

Using Microsocks program

MicroSocks is a multithreaded, small, efficient SOCKS5 server.

It’s very lightweight, and very light on resources too:

for every client, a thread with a stack size of 8KB is spawned. the main process basically doesn’t consume any resources at all.

the only limits are the amount of file descriptors and the RAM.

It’s also designed to be robust: it handles resource exhaustion gracefully by simply denying new connections, instead of calling abort() as most other programs do these days.

another plus is ease-of-use: no config file necessary, everything can be done from the command line and doesn’t even need any parameters for quick setup.

Installing microsocks

git clone https://github.com/rofl0r/microsocks.git

cd microsocks

make

Starting socks service

microsocks -1 -i listenip -p port -u user -P password -b bindaddr

1 2	microsocks -1 -i listenip -p port -u user -P password -b bindaddr

all arguments are optional. by default listenip is 0.0.0.0 and port 1080.

option -1 activates auth_once mode: once a specific ip address authed successfully with user/pass, it is added to a whitelist and may use the proxy without auth. this is handy for programs like firefox that don’t support user/pass auth. for it to work you’d basically make one connection with another program that supports it, and then you can use firefox too.

Howto reverse proxy in nginx

Proxying is typically used to distribute the load among several servers, seamlessly show content from different websites, or pass requests for processing to application servers over protocols other than HTTP.

When NGINX proxies a request, it sends the request to a specified proxied server, fetches the response, and sends it back to the client. It is possible to proxy requests to an HTTP server (another NGINX server or any other server) or a non-HTTP server (which can run an application developed with a specific framework, such as PHP or Python) using a specified protocol.

1. To pass a request to an HTTP proxied server, the `proxy_pass` directive is specified inside a `location`. For example:

location /some/path/ {
proxy_pass http://www.example.com/link/;
}

location /some/path/ {

proxy_pass http://www.example.com/link/;

}

2. This address can be specified as a domain name or an IP address. The address may also include a port:

location ~ \.php {
    proxy_pass http://127.0.0.1:8000;
}

location ~ \.php {

proxy_pass http://127.0.0.1:8000;

}

3. To pass a request to a non-HTTP proxied server, the appropriate **_pass directive should be used:

fastcgi_pass passes a request to a FastCGI server
uwsgi_pass passes a request to a uwsgi server
scgi_pass passes a request to an SCGI server
memcached_pass passes a request to a memcached server

4. Passing Request Headers

location /some/path/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://localhost:8000;
}

location /some/path/ {

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_pass http://localhost:8000;

}

5. To disable buffering in a specific location, place the `proxy_buffering` directive in the `location` with the `off` parameter, as follows:

location /some/path/ {
    proxy_buffering off;
    proxy_pass http://localhost:8000;
}

location /some/path/ {

proxy_buffering off;

proxy_pass http://localhost:8000;

}

forward proxy

reverse proxy

django application

apache config (/etc/apache2/sites-enabled/cp.conf)

Using SSH

Using Microsocks program

1. To pass a request to an HTTP proxied server, the proxy_pass directive is specified inside a location. For example:

2. This address can be specified as a domain name or an IP address. The address may also include a port:

3. To pass a request to a non-HTTP proxied server, the appropriate **_pass directive should be used:

4. Passing Request Headers

5. To disable buffering in a specific location, place the proxy_buffering directive in the location with the off parameter, as follows:

1. To pass a request to an HTTP proxied server, the `proxy_pass` directive is specified inside a `location`. For example:

5. To disable buffering in a specific location, place the `proxy_buffering` directive in the `location` with the `off` parameter, as follows: