https://github.com/google/huproxy

https://github.com/google/huproxy

Last synced: 1 day ago
JSON representation

• Host: GitHub
• URL: https://github.com/google/huproxy
• Owner: google
• License: apache-2.0
• Archived: true
• Created: 2017-05-19T15:47:28.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2023-02-21T18:00:29.000Z (over 1 year ago)
• Last Synced: 2024-08-02T05:07:03.524Z (3 months ago)
• Language: Go
• Size: 24.4 KB
• Stars: 420
• Watchers: 12
• Forks: 75
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# MOVED TO https://github.com/ThomasHabets/huproxy

# HUProxy

Copyright 2017 Google Inc.

This is not a Google product.

HTTP(S)-Upgrade Proxy — Tunnel anything (but primarily SSH) over HTTP

websockets.

## Why

The reason for not simply using a SOCKS proxy or similar is that they tend to

take up an entire port, while huproxy only takes up a single URL subdirectory.

There's also

[SSL/SSH multiplexers](http://www.rutschle.net/tech/sslh.shtml)

but they:

1. Take over the port and front both the web server and SSH, instead of letting

   the web server be the primary owner of port 443.

2. For SSH don't look like SSL for packet inspectors, because they're not.

3. Hide the original client address from the web server (without some

   [interesting iptables magic](https://github.com/yrutschle/sslh#transparent-proxy-support)).

4. Only allow connecting to the server itself, not treat it as a proxy jumpgate.

## Setup

### nginx

#### Create user

```bash

sudo htpasswd -c /etc/nginx/users.proxy thomas

```

#### Add config to nginx

```nginx

map $http_upgrade $connection_upgrade {

    default upgrade;

         '' close;

}

server {

    # ... other config

    location /proxy {

        auth_basic "Proxy";

        auth_basic_user_file /etc/nginx/users.proxy;

        proxy_pass http://127.0.0.1:8086;

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        # proxy_set_header Connection "upgrade";

        proxy_set_header Connection $connection_upgrade;

    }

    # ... other config

}

```

Start proxy:

```bash

./huproxy

```

Start proxy with specific :

```bash

./huproxy -listen 10.1.2.3:8086

```

## Running

These commands assume that HTTPS is used. If not, then change "wss://"

to "ws://".

```bash

echo thomas:secretpassword > ~/.huproxy.pw

chmod 600 ~/.huproxy.pw

cat >> ~/.ssh/config << EOF

Host shell.example.com

    ProxyCommand /path/to/huproxyclient -auth=@$HOME/.huproxy.pw wss://proxy.example.com/proxy/%h/%p

EOF

ssh shell.example.com

```

Or manually with these commands:

```bash

ssh -o 'ProxyCommand=./huproxyclient -auth=thomas:secretpassword wss://proxy.example.com/proxy/%h/%p' shell.example.com

ssh -o 'ProxyCommand=./huproxyclient -auth=@<(echo thomas:secretpassword) wss://proxy.example.com/proxy/%h/%p' shell.example.com

ssh -o 'ProxyCommand=./huproxyclient -auth=@$HOME/.huproxy.pw wss://proxy.example.com/proxy/%h/%p' shell.example.com

```

If remote server uses self-signed or invalid certificate then use `-insecure_conn`, for example:

```bash

ssh -o 'ProxyCommand=./huproxyclient -insecure_conn wss://proxy.example.com/proxy/%h/%p' shell.example.com

```