In one of past articles I’ve described how to use HTTP CONNECT method to tunnel other protocols through a proxy. It worked for me for various protocols ( mainly email access IMAP, SMTP), but recently it stopped working for SSH protocol. After some investigation I’ve found that proxy is checking what protocol it is tunnelling through and expects it to be SSL/TLS. If it is anything else, proxy closes connection with an error. It still worked for mail protocols, because they were already wrapped in SSL. But to be still able to use SSH through proxy some more sophisticated setup was needed – tunnelling SSH through SSL protocol, which is then tunnelled via HTTPS proxy ( HTTP CONNECT method). Below I describe a setup, which works for me. Continue reading Tunneling SSH through Restrictive HTTS Proxy
I’m accessing my Gmail account from behind HTTPS proxy – it was described is this post. Thunderbird does not support it, for IMAP and SMTP only SOCKS proxy can work. To cope with it I’m using a small local proxy, that redirects any connection via proxy CONNECT method to remote host:port.
This works fine, but in email client I had to set IMAP server as localhost and SMTP server also as localhost. Thunderbird is cautious about it and since both connections are using TLS/SSL then there is a security issue – I’m connecting to localhost, but certificates are for *.gmail.com domain. Luckily Thunderbird enables me to set security exception – it asks me if I’ll allow that certificate for that host address, if I confirm everything works like charm until Gmail changes certificate on servers (which happens about couple time per year or so). Continue reading Why GMail is not changing all server certificates in synch?
It’s quite pathetic, that HTTP proxies settings are causing problems again and again in various applications – like UbuntuOne, pip … Maybe it is just problem for Ubuntu/Linux platforms where proxy settings are in separate places (dconf keys for desktop,
no_proxy environment variables).
This time it was Eclipse IDE. Problem here is like this – Eclipse has proxy settings in Preferences/ General / Network connections – however these settings are not applied to Help Browser (started via Help/Help Contents) – this browser is using system settings (I believe from dconf key system.proxy in my case), but not in consistent way – while browser is fine with subnet entry in system.proxy.ignore-hosts like 127.0.0.1/8, Eclipse help browser is not, it just requires server part of url – e.g. just 127.0.0.1).
Also Native option for proxy settings in Eclipse (which are used for updates, plugins install) seems not to work on Linux.
I spent some time to fix this, another victim to inconsistent proxy handling.
I have been using haproxy as front-end reverse proxy and load balancer for one project for several years and I’ve been very happy with it’s stability and performance (although actual load was always very moderate). In another (more recent) project I decide to try nginx in a similar role (but actually I needed also to serve some static files, which was actual reason to try nginx). Continue reading nginx vs haproxy
In some places Internet access is available only via proxy, which in practice means that you are limited to HTTP and HTTPS protocols only. But if you have external email accounts like Gmail, this is bit limiting, because you cannot access your email via IMAP protocol from your email client.
However there can be a solution – if proxy support HTTPS protocol, it means also that it supports CONNECT method that tunnels a connection to remote server unchanged. This method could be used to tunnel any protocol, so basically it could tunnel also IMAP ( and SMTP for outgoing email). Continue reading Accessing IMAP/SMTP via HTTPS Proxy