Tag Archives: proxy

Tunneling SSH through Restrictive HTTS Proxy

In one of past articles I’ve described how to use HTTP CONNECT method to tunnel other protocols through a proxy.  It worked for me for various protocols ( mainly email access IMAP, SMTP),  but recently it stopped working for SSH protocol. After some investigation I’ve found  that proxy is checking  what protocol it is tunnelling through and expects it to be SSL/TLS.  If it is anything else, proxy closes connection with an error.  It still worked for mail protocols,  because they were already wrapped in SSL. But to be still able to use SSH through proxy some more sophisticated setup was needed –  tunnelling SSH through SSL protocol, which is then tunnelled via HTTPS proxy ( HTTP CONNECT method).  Below I describe a setup,  which works for me. Continue reading Tunneling SSH through Restrictive HTTS Proxy

Why GMail is not changing all server certificates in synch?

I’m accessing my Gmail account from behind HTTPS proxy – it was described is this post.  Thunderbird does not support it, for IMAP and SMTP  only SOCKS proxy can work.   To cope with it  I’m using a small local proxy, that redirects any connection via proxy CONNECT method to remote host:port.

This works fine, but in email client I had to set IMAP server as localhost and SMTP server also as localhost.  Thunderbird is cautious about it and since both connections are using TLS/SSL then there is a security issue –  I’m connecting to localhost, but certificates are  for *.gmail.com domain.  Luckily Thunderbird enables me to set security exception –   it asks me if I’ll allow that certificate for that host address, if I confirm everything works like charm until Gmail changes certificate on servers (which happens about couple time per year or so). Continue reading Why GMail is not changing all server certificates in synch?

Eclipse Help Browser And Proxy

It’s quite pathetic, that HTTP proxies settings are causing problems again and again in various applications – like UbuntuOne,  pip …  Maybe it is just problem for Ubuntu/Linux platforms where proxy settings are in separate places (dconf keys for desktop,  http_proxy, HTTP_PROXY, no_proxy environment variables).

This time it was Eclipse IDE. Problem here is like this –  Eclipse has proxy settings in Preferences/ General / Network connections – however these settings are not applied to Help Browser (started via Help/Help Contents) –  this browser is using system settings (I believe from dconf key system.proxy in my case),  but not in consistent way –  while browser is fine with subnet entry in system.proxy.ignore-hosts  like 127.0.0.1/8, Eclipse help browser is not,  it just requires server part of url – e.g. just 127.0.0.1).

Also Native option for proxy settings in Eclipse (which are used for updates, plugins install) seems not to work on Linux.

I spent some time to fix this,  another victim to inconsistent proxy handling.

nginx vs haproxy

I have been using haproxy as front-end reverse proxy and load balancer for one project for several years and I’ve been very happy with it’s stability and performance (although actual load  was always very moderate).   In another (more recent) project I decide to try nginx in a similar role (but actually I needed also to serve some static files, which was actual reason to try nginx). Continue reading nginx vs haproxy

Accessing IMAP/SMTP via HTTPS Proxy

In some places Internet access is available only via proxy, which in practice means that you are limited to HTTP and HTTPS protocols only.  But if you have  external email accounts like Gmail,  this is bit limiting, because you cannot access your email via IMAP protocol from your  email client.

However there can be a solution –  if proxy support HTTPS protocol, it means also that it supports CONNECT method that  tunnels a connection to remote server unchanged.  This method could be used to tunnel any protocol, so basically  it could tunnel also IMAP ( and SMTP for outgoing email). Continue reading Accessing IMAP/SMTP via HTTPS Proxy