nproxy

package module
v0.8.5
Published: Aug 2, 2022 License: MIT Imports: 28 Imported by: 0

README

nproxy

nproxy is a special proxy server for connecting your PC to the upstream proxy server in your organization.

There are some unique features.

  • Inject Proxy-Authorization header from standard environment variables, http_proxy and https_proxy.
  • Generate self-signed server certificate dynamically to support Apple's Requirements for trusted certificates in iOS 13 and macOS 10.15 if the server certificate is invalid.
  • Support reading pac file to find upstream proxy.

Install

You can download the binary from release page.

Usage

nproxy.

Usage:

  main [options]

Options:

  -always-mitm-https
        Always mitm when using https
  -b string
        Bind address and port (default ":3128")
  -ca-cert string
        CA cert file (PEM)
  -ca-key string
        CA private key file (PEM)
  -disable-replace-invalid-cert
        Skip replacing invalid server certificate when detecting invalid
  -enable-dump
        Enable request/response dump
  -gen-ca
        Generate own CA certificate and private key
  -insecure
        Skip certificate verification when connecting to upstream (Don't use!)
  -log-level string
        Log level, one of: debug, info, warn, error, panic (default "info")
  -override-pac-proxy string
        Set upstream proxy server:port to override proxy in PAC file
  -pac string
        PAC URL

Basic

Set the upstream proxy as environment variables http_proxy and https_proxy. Then run nproxy. It starts a proxy server on :3128.

export http_proxy=http://upstream-proxy.example.org:4000
export https_proxy=http://upstream-proxy.example.org:4000
nproxy
[  info ] 2019/12/13 00:01:44.517383 No pac URL and environment variable. The proxy uses standard environment variables for upstream proxy.
[  info ] 2019/12/13 00:01:44.517628 Starting NPROXY: :3128

If your organization provides a pac file, you can use it with the pac option.

nproxy -pac http://example.org/pacfile

If the upstream proxy requires authentication, set the username and credential in the environment variables. Then run nproxy. The Proxy-Authorization header is injected automatically.

export http_proxy=http://foo:bar@upstream-proxy.example.org:4000
export https_proxy=http://foo:bar@upstream-proxy.example.org:4000
nproxy
[  info ] 2019/12/13 00:06:27.140236 No pac URL. The proxy uses standard environment variables for upstream proxy.
[  info ] 2019/12/13 00:06:27.140486 Detected userInfo for HTTP proxy in environment variables. The userInfo is used as Proxy Authorization for the upstream proxy.
[  info ] 2019/12/13 00:06:27.140511 Detected userInfo for HTTPS proxy in environment variables. The userInfo is used as Proxy Authorization for the upstream proxy.
[  info ] 2019/12/13 00:06:27.140762 Starting NPROXY: :3128
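The injection described above, as an added example that is not nproxy's own code: it derives a Proxy-Authorization value from the userinfo in a proxy URL and returns a form of the URL that is safe to log. The helper name proxyAuth is hypothetical, and HTTP Basic is an assumption, since the page does not name the authentication scheme.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// proxyAuth returns the Proxy-Authorization value for the userinfo in a proxy
// URL and a copy of the URL that is safe to log. Hypothetical helper, not
// nproxy's API; the Basic scheme is an assumption.
func proxyAuth(raw string) (header, logSafe string, err error) {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" {
		// Do not wrap err: url.Parse errors quote the input, password included.
		return "", "", errors.New("invalid proxy URL")
	}
	logSafe = u.Redacted() // password replaced by "xxxxx"
	if u.User == nil {
		return "", logSafe, nil // no userinfo: nothing to inject
	}
	pass, _ := u.User.Password() // url.Parse already percent-decoded both parts
	cred := u.User.Username() + ":" + pass
	return "Basic " + base64.StdEncoding.EncodeToString([]byte(cred)), logSafe, nil
}

func main() {
	// Constructed sample values in the shape of the README's examples.
	for _, raw := range []string{
		"http://foo:bar@upstream-proxy.example.org:4000",
		"http://foo:p%40ss@upstream-proxy.example.org:4000",
		"http://upstream-proxy.example.org:4000",
	} {
		h, safe, err := proxyAuth(raw)
		fmt.Printf("%s -> %q (err=%v)\n", safe, h, err)
	}
}
```

Basic credentials are only base64-encoded, so with an http:// upstream they cross the network readable by anyone on the path; log the redacted URL, never the raw environment value.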

You can use the pac option too.

export http_proxy=http://foo:bar@upstream-proxy.example.org:4000
export https_proxy=http://foo:bar@upstream-proxy.example.org:4000
nproxy -pac http://example.org/pacfile 
[  info ] 2019/12/13 00:56:53.640443 Detected userInfo for HTTP proxy in environment variables. The userInfo is used as Proxy Authorization for the upstream proxy.
[  info ] 2019/12/13 00:56:53.640746 Detected userInfo for HTTPS proxy in environment variables. The userInfo is used as Proxy Authorization for the upstream proxy.
[  info ] 2019/12/13 00:56:53.682394 Got pac file from http://nrigallweb.wwws.nri.co.jp/proxyconf/cubeconf.pac
[  info ] 2019/12/13 00:56:53.682758 Starting NPROXY: :3128

Also, you can use this proxy without an upstream proxy server. Run nproxy without the environment variables.

nproxy
[  info ] 2019/12/13 00:01:44.517383 No pac URL and environment variable. The proxy doesn't use upstream proxy.
[  info ] 2019/12/13 00:01:44.517628 Starting NPROXY: :3128

How to use a self-signed server certificate

First, create your own CA. nproxy can generate it using the gen-ca option. Or you can generate it using the openssl command, etc.

nproxy -gen-ca

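Now you can see ca.crt and ca.key files in the current directory. Keep ca.key private: anyone who holds it can issue certificates that your PC will trust once ca.crt is imported.

Then you need to import the ca.crt file into your PC as a trusted certificate. Finally, run nproxy using the ca-cert and ca-key options. You need to specify the generated files.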

nproxy -ca-cert ca.crt -ca-key ca.key ...(other options)
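The feature list says nproxy generates a replacement certificate when the server's own certificate does not meet Apple's requirements for trusted certificates in iOS 13 and macOS 10.15. As an added example (not nproxy's code), this checks a parsed certificate against those published rules. The names appleIssues and sampleCert are hypothetical, and the sample certificate is constructed in the code.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// appleIssues lists the Apple HT210176 rules c fails (hypothetical helper, not nproxy's API).
func appleIssues(c *x509.Certificate) (issues []string) {
	if k, ok := c.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < 2048 {
		issues = append(issues, "RSA key smaller than 2048 bits")
	}
	switch c.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		issues = append(issues, "signature hash is not SHA-2")
	}
	if len(c.DNSNames) == 0 && len(c.IPAddresses) == 0 {
		issues = append(issues, "no subjectAltName; CommonName is not trusted")
	}
	newRules := c.NotBefore.After(time.Date(2019, 7, 1, 23, 59, 59, 0, time.UTC)) // issued after July 1, 2019
	serverAuth := false
	for _, u := range c.ExtKeyUsage {
		serverAuth = serverAuth || u == x509.ExtKeyUsageServerAuth
	}
	if newRules && !serverAuth {
		issues = append(issues, "EKU lacks id-kp-serverAuth")
	}
	if newRules && c.NotAfter.Sub(c.NotBefore) > 825*24*time.Hour {
		issues = append(issues, "validity longer than 825 days")
	}
	return issues
}

// sampleCert returns a constructed self-signed P-256 certificate for the demo.
func sampleCert(days int, eku []x509.ExtKeyUsage, names ...string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(),
		NotAfter: time.Now().AddDate(0, 0, days), ExtKeyUsage: eku, DNSNames: names}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	c, _ := x509.ParseCertificate(der)
	return c
}

func main() { fmt.Println(appleIssues(sampleCert(3650, nil))) }
```

A certificate built with a 365-day lifetime, the serverAuth EKU and a DNS name in the SAN yields an empty list; this check covers Apple's format rules only and does not replace chain verification.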

License

Licensed under the MIT.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCertCache

func NewCertCache() *certCache

func NewChunkedWriter added in v0.8.0

func NewChunkedWriter(w io.Writer) io.WriteCloser

NewChunkedWriter returns a new chunkedWriter that translates writes into HTTP "chunked" format before writing them to w. Closing the returned chunkedWriter sends the final 0-length chunk that marks the end of the stream but does not send the final CRLF that appears after trailers; trailers and the last CRLF must be written separately.

NewChunkedWriter is not needed by normal applications. The http package adds chunking automatically if handlers don't set a Content-Length header. Using newChunkedWriter inside a handler would result in double chunking or chunking with a Content-Length length, both of which are wrong.

func NewTLSCache added in v0.3.0

func NewTLSCache() *tlsCache

Types

type CA

type CA struct {
	Certificate *x509.Certificate
	PrivateKey  crypto.PrivateKey
	// contains filtered or unexported fields
}

func NewCA added in v0.2.0

func NewCA(caCertPath, caKeyPath string) *CA

func (*CA) FindOrCreateCert

func (c *CA) FindOrCreateCert(host string) (*tls.Certificate, error)

type EnvProxy added in v0.2.0

type EnvProxy struct {
}

EnvProxy is a Proxy implementation using standard environment variables.

func (*EnvProxy) Find added in v0.2.0

func (p *EnvProxy) Find(req *http.Request) (*url.URL, error)

Find proxy URL from standard environment variables.

type FlushAfterChunkWriter added in v0.8.0

type FlushAfterChunkWriter struct {
	*bufio.Writer
}

FlushAfterChunkWriter signals from the caller of NewChunkedWriter that each chunk should be followed by a flush. It is used by the http.Transport code to keep the buffering behavior for headers and trailers, but flush out chunks aggressively in the middle for request bodies which may be generated slowly. See Issue 6574.

type PACProxy added in v0.2.0

type PACProxy struct {
	URL              string
	OverridePACProxy string
	// contains filtered or unexported fields
}

PACProxy is a Proxy implementation using pac file.

func (*PACProxy) Find added in v0.2.0

func (p *PACProxy) Find(req *http.Request) (*url.URL, error)

Find proxy URL from request using pac file.

func (*PACProxy) Reload added in v0.2.0

func (p *PACProxy) Reload() error

Reload gets latest pac file from the URL.

type Proxy added in v0.2.0

type Proxy interface {
	Find(req *http.Request) (*url.URL, error)
}

Proxy has a role to find an upstream proxy.

func NewProxy added in v0.2.0

func NewProxy(config *ServerConfig) Proxy

NewProxy returns new Proxy. If pacURL isn't empty, returns PACProxy.

type Server

type Server struct {
	ServerConfig
	// contains filtered or unexported fields
}

func NewServer

func NewServer(config *ServerConfig) *Server

func (*Server) ServeHTTP

func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)

func (*Server) Start

func (s *Server) Start() error

func (*Server) VerifyCertificate added in v0.2.0

func (s *Server) VerifyCertificate(r *http.Request) error

VerifyCertificate verifies the peer certificate against Apple's requirements for trusted certificates. See https://support.apple.com/en-in/HT210176

type ServerConfig

type ServerConfig struct {
	BindAddr                  string
	CACertFilePath            string
	CAKeyFilePath             string
	PACURL                    string
	OverridePACProxy          string
	EnableDump                bool
	DisableReplaceInvalidCert bool
	AlwaysMITMHTTPS           bool
	Insecure                  bool
}

Directories

Path Synopsis
cmd
