I have a little Clojure app that uses http-kit to send some http post requests to a server. I want to route the https POST request through a proxy P, ie. I want the traffic to go like App->Proxy->Server.
(This is because the target host X restricts access based on IP)
Is this possible?
Also the App runs on an ubuntu server, are there maybe system-level configurations possible to make http-kit use a proxy server? I prefer other processes to be unaffected though.
http-kit is supposed to follow the standard method of configuring proxies in Java:
-Dhttp.proxyHost=proxyhostURL \
-Dhttp.proxyPort=proxyPortNumber \
-Dhttp.proxyUser=someUserName \
-Dhttp.proxyPassword=somePassword
which you can set in your lein profile or in the application server if you are using one.
http-clj now support proxy: https://github.com/dakrone/clj-http#proxies
For http-kit, according to the author's reply in this issue, the answer is NO.
But the good news is fewer weeks before it support basic HTTP proxy ( commit a207537 on http-kit ).
After all, it seems there is no way to set up a system wide proxy for JVM applications.
Related
I hope you have an idea.
I am working with an ActiveMQ Artemis Broker and installed a metrics plugin to use with prometheus and grafana (https://github.com/rh-messaging/artemis-prometheus-metrics-plugin/). Like the instruction says, I added <app url="metrics" war="metrics.war"/> to the bootstrap.xml
We're working with a vendor providing us with the Grafana dashboards as long as we are providing metrics they can work with. The problem is that the vendor wants to access the metrics page (https://activemq:port/metrics) via HTTP and not HTTPS, which is configured in the bootstrap.xml ( <web bind="https://0.0.0.0:port" path="web" keyStorePath=...) Their effort would be disproportionately high to change their system to work with HTTPS now.
Is it possible to configure the jetty-Webserver to serve the console etc. via HTTPS and the URL activemq:port/metrics via HTTP?
I tried to add another web-container in the bootstrap.xml, now binding bind="http://0.0.0.0:port/" and adding the metrics plugin in it but the webserver wasn't happy with two web-containers :/
Thanks for your help :)
This is not currently possible. However, the project could be enhanced to support multiple web instances in bootstrap.xml. Contributions are always welcome.
Sorry for the basic question (I'm new with gRPC).
Is it possible to use http transcoding without google cloud platform & endpoints?
(Referring to this article: https://cloud.google.com/endpoints/docs/grpc/transcoding)
I'm currently trying to create a mock-application and we are trying to have some sort of frontend with a UI (or can go headless browser in the beg.) that can send HTTP requests to the Extensible Service Proxy, and then ESP will transcode the HTTP request to HTTP2 so that it can be sent as a request to our gRPC services. I think K8s is a bit overkill since we'll only have a few containers (and not too familiar with deployment in k8s).
I'm trying to just use grpc-node, and want to do http mapping in ESP.
Can we just import <import "google/api/annotations.proto";> into our protofile and get this functionality of HTTP mapping?
As mentioned by DazWilkin, your best option would be to use the Envoy Proxy.
If you are used to using Docker, there is a container of the application available here.
Regards,
Frederic
I want to connect from webserver via dedicated proxy to the intranet. I am not sure if it matters I want to send and receive XML. It would be great if I could use HTTP.
I know of one open port 78xx which I successfully used with a TCP socket as described in this excellent tutorial
Is it possible? Or does the answer depend on the actual proxy configuration - if it scans for the protocol, and dislikes it it's gonna be blocked!?
And what library would you recommend? I just found pion - Can i link it statically? It's almost not possible to install sth on the web server for me.
EDIT My question is probably two-fold:
First, I have to add, there is an existing communication client+server, but the server is a mixup of the concrete socket and networking implementation and the API to the database, consisting of about 10 commands I find hard to extend. So I ask for a generic lib so I can rewrite that API from scratch.
Second, I need session handling, the webapplication passes the user login data to that client and there is a session-id returned which is used for all further communication - until it expires. That was the reason I asked for HTTP, but meanwhile i realized http itself is stateless.
The answer is.... in progress.- I need to practice more with c++ tcp libs etc.
My post was unfortunately hard too understand, Had some confusion about that all.
We are running nginx as a reverse proxy that forwards requests to a Clojure application running Compojure, a library that wraps around Jetty and provides our application with the ability to service web requests.
We currently capture logs generated by both nginx and the Clojure application (via log4j to syslog). We are unable, however, to match an entry in the nginx log to an entry in the syslog output of the Clojure application.
We need to figure out a way to modify the request sent upstream to the Clojure app to include some kind of ID. This could be an integer, UUID, whatever.
Do you have any suggestions as to how best to accomplish this?
Thanks for your help!
Compojure is written on ring and ring has middleware :)
you would write a middleware called with-uuid that adds the UUID to the request map on the way in and to the reply on the way out.
Of course the best approach would be an nginx module, duplicating the functionality of apache's mod_unique_id.
There doesn't seem to be one yet. Here's a patch that wants to graduate to a module someday.:
http://mailman.nginx.org/pipermail/nginx-devel/2011-June/001015.html
I am pretty new to security aspect of application. I have a C++ window service (server) that listens to a particular port for http requests. The http requests can be made via ajax or C# client. Due to some scope change now we have to secure this communication between the clients and custom server written in C++.
Therefore i am looking for options to secure this communication. Can someone help me out with the possible approaches i can take to achieve this.
Thanks
Dpak
Given that you have an existing HTTP server (non-IIS) and you want to implement HTTPS (which is easy to screw up and hard to get right), you have a couple of options:
Rewrite your server as a COM object, and then put together an IIS webservice that calls your COM object to implement the webservice. With this done, you can then configure IIS to provide your webservice via HTTP and HTTPS.
Install a proxy server (Internet Security and Acceleration Server or Apache with mod_proxy) on the same host as your existing server and setup the proxy server to listen via HTTPS and then reverse proxy the requests to your service.
The second option requires little to no changes to your application; the first option is the better long-term architectural move.
Use HTTPS.
A good toolkit for securing your communication channel is OpenSSL.
That said, even with a toolkit, there are plenty of ways to make mistakes when implementing your security layer that can leave your data open to attack. You should consider using an existing https server and having it forward the requests to your server on the loopback channel.
It's reasonably easy to do this using either OpenSSL or Microsoft's SChannel SSPI interface.
How complex it is for you depends on how you've structured your server. If it's a traditional style BSD sockets 'select' type server then it should be fairly straight forward to take the examples from either OpenSSL or SChannel and get something working pretty quickly.
If you're using a more complex server design (async sockets, IOCP, etc) then it's a bit more work as the examples don't tend to show these things. I wrote an article for Windows Developer Magazine back in 2002 which is available here which shows how to use OpenSSL with async sockets and this code can be used to work with overlapped I/O and IOCP based servers if you need to.