Difference between revisions of "Proxy"

From Dreamwidth Notes
Jump to: navigation, search
m (document hotlink_domain)
 
(6 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== Proxy server ==
+
== What it's for ==
  
Code for the proxy is located in $LJHOME/src/proxy.
+
Dreamwidth's SSL image caching proxy is a web service that:
  
Build using go:
+
* listens for requests for embedded content served via HTTP
 +
* downloads and caches the requested content
 +
* returns a temporary HTTPS link to that content
 +
 
 +
This process allows Dreamwidth to successfully display insecure (http:) offsite content on a securely viewed (https:) page. Without the proxy, either the insecure content would be hidden, or browser warnings would be generated.  The cached content expires every few hours, to avoid [http://wiki.dreamwidth.net/wiki/index.php/Legislation#The_Digital_Millennium_Copyright_Act_.28DMCA.29 DMCA] concerns.
 +
 
 +
== Building the proxy server ==
 +
 
 +
The source code for the proxy is written in [https://golang.org/ Go] and can be found here: https://github.com/dreamwidth/dw-free/blob/develop/src/proxy/main.go
 +
 
 +
It's probably more useful (and usable) on stand-alone dev environments than on dreamhacks.  To build the executable:
  
 
   cd $LJHOME/src/proxy
 
   cd $LJHOME/src/proxy
Line 10: Line 20:
 
That will create a binary called <code>proxy</code> in <code>$LJHOME/src/proxy</code>. Run that:
 
That will create a binary called <code>proxy</code> in <code>$LJHOME/src/proxy</code>. Run that:
  
   ./proxy -salt_file=$LJHOME/ext/local/etc/proxy-salt
+
   ./proxy -salt_file=$LJHOME/ext/local/etc/proxy-salt -hotlink_domain=yourdomain.example.org
  
 +
The domain here will be used to check Referer headers so your proxy URLs will not be valid on other sites. It should be a common suffix of all URLs on your site (e.g., example.com, not www.example.com, if your user pages will be like username.example.com).
  
 
== Proxy URL in your 'hack ==
 
== Proxy URL in your 'hack ==
 +
 
To enable generation of the proxy URL in your 'hack, set these in your config:
 
To enable generation of the proxy URL in your 'hack, set these in your config:
  
 
<source lang="perl">
 
<source lang="perl">
$PROXY_SALT_FILE = "$HOME/ext/local/etc/proxy-salt";
+
$PROXY_SALT_FILE = "$LJHOME/ext/local/etc/proxy-salt";
 
$PROXY_URL = "https://proxy.hack.dw";
 
$PROXY_URL = "https://proxy.hack.dw";
 
$USE_SSL = 1;
 
$USE_SSL = 1;
Line 43: Line 55:
  
 
(for dev) Make sure you've also got an /etc/hosts entry for `proxy.hack.dw`.
 
(for dev) Make sure you've also got an /etc/hosts entry for `proxy.hack.dw`.
 +
 +
 +
[[Category: Development]]
 +
[[Category: Documentation]]
 +
[[Category: Dreamhack]]
 +
[[Category: Dreamwidth Installation]]

Latest revision as of 20:35, 12 April 2016

What it's for

Dreamwidth's SSL image caching proxy is a web service that:

  • listens for requests for embedded content served via HTTP
  • downloads and caches the requested content
  • returns a temporary HTTPS link to that content

This process allows Dreamwidth to successfully display insecure (http:) offsite content on a securely viewed (https:) page. Without the proxy, either the insecure content would be hidden, or browser warnings would be generated. The cached content expires every few hours, to avoid DMCA concerns.

Building the proxy server

The source code for the proxy is written in Go and can be found here: https://github.com/dreamwidth/dw-free/blob/develop/src/proxy/main.go

It's probably more useful (and usable) on stand-alone dev environments than on dreamhacks. To build the executable:

 cd $LJHOME/src/proxy
 go build

That will create a binary called proxy in $LJHOME/src/proxy. Run that:

 ./proxy -salt_file=$LJHOME/ext/local/etc/proxy-salt -hotlink_domain=yourdomain.example.org

The domain here will be used to check Referer headers so your proxy URLs will not be valid on other sites. It should be a common suffix of all URLs on your site (e.g., example.com, not www.example.com, if your user pages will be like username.example.com).

Proxy URL in your 'hack

To enable generation of the proxy URL in your 'hack, set these in your config:

$PROXY_SALT_FILE = "$LJHOME/ext/local/etc/proxy-salt";
$PROXY_URL = "https://proxy.hack.dw";
$USE_SSL = 1;

You'll need to create the proxy-salt file. Contents of proxy-salt are just a string, preferably long with randomly generated characters.

You'll also want something in front of the proxy to handle https negotiation. I recommend nginx. Sample config that will work:


    server {
        listen       443 ssl;
        server_name  proxy.hack.dw;
 
        sendfile     off;
 
        location / {
            proxy_pass http://127.0.0.1:6250;
            proxy_redirect off;
        }
    }


(for dev) Make sure you've also got an /etc/hosts entry for `proxy.hack.dw`.