I have customers where I hook up to their network, and they all have of course different proxy settings. At home I don't really need to use a proxy, but to make it uniform, I have a local squid proxy on my laptop that I browse through. Then sometimes I lay an ssh-tunnel to a proxy on my own server that I surf through. I hate re-configuring my browser.. so.. XR to the aid!
Below is the configuration. Basically XR listens to port 8000, there's a web interface at 8001. The dispatch mode "first-active" is crucial: XR will try its back ends, and use whichever first is available. That way I can put the back ends that I favor in a given order:
- First I want XR to try my ssh tunnel to a squid at my own server. The SSH tunnel is at localhost:3129;
- Next I want XR to try proxies that my customers have defined in their network,
- Finally - if all else fails, it wil try localhost:3128 which is a squid on my laptop.
There's also a <header> directive that injects a proxy authentication. That's actually the only reason why I need XR to run in http mode (and not tcp). Using this setup, I just "export http_proxy=localhost:8000" so that wget works (e.g. so that I can fetch packages and install them) and I configure my browsers to use http://localhost:8000 as proxy. Works.
Note also that the clients don't time out. I use that because I tunnel SSH over this proxy as well. Drilling holes through corporate proxies is a hobby of mine
This works as follows: you get the program "proxytunnel", and edit your ~/.ssh/config for an external host. For example, SSH's client configuration can state:
- Code: Select all
Host home
ProxyCommand /opt/local/bin/proxytunnel -p localhost:8000 -d 154.37.123.45
Then when you "ssh user@home", SSH will start proxytunnel to talk to. Proxytunnel in turn sends the traffic over an HTTP proxy at localhost:8000.
Here is finally the config.
- Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system>
<piddir>/tmp</piddir>
<pscmd>/bin/ps ax -o pid,command</pscmd>
<uselogger>true</uselogger>
<path>/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin</path>
</system>
<service>
<name>proxy</name>
<server>
<type>http</type>
<address>0:8000</address>
<clienttimeout>0</clienttimeout>
<backendtimeout>2</backendtimeout>
<dispatchmode>first-available</dispatchmode>
<webinterface>0:8001</webinterface>
<http>
<serverheaders>
<header>Proxy-Authorization: Basic bmFtZTpwYXNzd29yZA==</header>
<header>X-Forwarded-For: 205.160.212.222</header>
<header>X-Real-IP: 205.160.212.222</header>
</serverheaders>
</http>
</server>
<backend>
<address>localhost:3129</address>
</backend>
<backend>
<address>10.123.34.51:8080</address>
</backend>
<backend>
<address>10.123.34.52:80</address>
</backend>
<backend>
<address>localhost:3128</address>
</backend>
</service>
</configuration>