Tag Archives: proxy

Asynchronous Again – Rewriting ptunnel in Rust

Asynchronous programing model is quite popular for I/0 intensive tasks – it enables you effective use of resources, while maintaining agility of and assuring scalability of the application. I myself used asynchronous programming many times –   in JavaScript (where it’s omnipresent) , Python ( mainly  in asyncio recently, but also bit in twisted, which was one of first network asynchronous libraries I met) and also in OCAML with  lwt or Core Async. The concept is always similar for all implementations –  I/O operations are returning handles to future results – they are called either  Futures, Promises, or Deferred  – and they are returned immediately.  These futures can have functions attached to them, which are executed later, when I/O result becomes available.  Asynchronous  programming is very much about functions, it requires first class functions  and anonymous functions are very useful here, that’s why asynchronous model flourishes in functional languages.  Apart of I/O deferred processing usually there are other utilities for later execution – like timeouts, pausing execution for some time (sleep), tasks synchronization (events, locks). Futures are executed in an “event loop”,   a loop that monitors various events from OS (availability of data from I/O), timers, etc. to execute futures (meaning functions attached to them), when appropriate. It’s also very common to chain futures, executing second one with result of first one , when first one is resolved and result is available and the third one with results from the second one and so on. Apart of this basic scheme languages may provide some syntactic sugar around asynchronous model like await and async keywords in Python or C#, which makes it easier to write the code.

Recently, as I’m progressing in learning of Rust,  I wondered how asynchronous programing is done in Rust. I decided to remake my old project ptunnel (written in Python) into Rust – ptunnel is a program that tunnels arbitrary connection/protocol through HTTPS proxy, so it can be used to connect IMAP, SMTP or SSH through proxy. In the rest of this article I”l share my experiences from this project. Continue reading Asynchronous Again – Rewriting ptunnel in Rust

Tunneling SSH through Restrictive HTTS Proxy

In one of past articles I’ve described how to use HTTP CONNECT method to tunnel other protocols through a proxy.  It worked for me for various protocols ( mainly email access IMAP, SMTP),  but recently it stopped working for SSH protocol. After some investigation I’ve found  that proxy is checking  what protocol it is tunnelling through and expects it to be SSL/TLS.  If it is anything else, proxy closes connection with an error.  It still worked for mail protocols,  because they were already wrapped in SSL. But to be still able to use SSH through proxy some more sophisticated setup was needed –  tunnelling SSH through SSL protocol, which is then tunnelled via HTTPS proxy ( HTTP CONNECT method).  Below I describe a setup,  which works for me. Continue reading Tunneling SSH through Restrictive HTTS Proxy

Why GMail is not changing all server certificates in synch?

I’m accessing my Gmail account from behind HTTPS proxy – it was described is this post.  Thunderbird does not support it, for IMAP and SMTP  only SOCKS proxy can work.   To cope with it  I’m using a small local proxy, that redirects any connection via proxy CONNECT method to remote host:port.

This works fine, but in email client I had to set IMAP server as localhost and SMTP server also as localhost.  Thunderbird is cautious about it and since both connections are using TLS/SSL then there is a security issue –  I’m connecting to localhost, but certificates are  for *.gmail.com domain.  Luckily Thunderbird enables me to set security exception –   it asks me if I’ll allow that certificate for that host address, if I confirm everything works like charm until Gmail changes certificate on servers (which happens about couple time per year or so). Continue reading Why GMail is not changing all server certificates in synch?

Eclipse Help Browser And Proxy

It’s quite pathetic, that HTTP proxies settings are causing problems again and again in various applications – like UbuntuOne,  pip …  Maybe it is just problem for Ubuntu/Linux platforms where proxy settings are in separate places (dconf keys for desktop,  http_proxy, HTTP_PROXY, no_proxy environment variables).

This time it was Eclipse IDE. Problem here is like this –  Eclipse has proxy settings in Preferences/ General / Network connections – however these settings are not applied to Help Browser (started via Help/Help Contents) –  this browser is using system settings (I believe from dconf key system.proxy in my case),  but not in consistent way –  while browser is fine with subnet entry in system.proxy.ignore-hosts  like, Eclipse help browser is not,  it just requires server part of url – e.g. just

Also Native option for proxy settings in Eclipse (which are used for updates, plugins install) seems not to work on Linux.

I spent some time to fix this,  another victim to inconsistent proxy handling.

nginx vs haproxy

I have been using haproxy as front-end reverse proxy and load balancer for one project for several years and I’ve been very happy with it’s stability and performance (although actual load  was always very moderate).   In another (more recent) project I decide to try nginx in a similar role (but actually I needed also to serve some static files, which was actual reason to try nginx). Continue reading nginx vs haproxy

Accessing IMAP/SMTP via HTTPS Proxy

In some places Internet access is available only via proxy, which in practice means that you are limited to HTTP and HTTPS protocols only.  But if you have  external email accounts like Gmail,  this is bit limiting, because you cannot access your email via IMAP protocol from your  email client.

However there can be a solution –  if proxy support HTTPS protocol, it means also that it supports CONNECT method that  tunnels a connection to remote server unchanged.  This method could be used to tunnel any protocol, so basically  it could tunnel also IMAP ( and SMTP for outgoing email). Continue reading Accessing IMAP/SMTP via HTTPS Proxy