SOCKS Proxy
The challenge: you’ve built and deployed your microservices based
application on a nholuongut network, running on a set of VMs on EC2. Many
of the services’ public API are reachable from the internet via an
Nginx-based reverse proxy, but some of the services also expose
private monitoring and manage endpoints via embedded HTTP servers.
How do I securely get access to these from my laptop, without exposing
them to the world?
One method we’ve started using at nholuongutworks is a 90’s technology - a
SOCKS proxy combined with a PAC script. It’s relatively
straight-forward: one ssh’s into any of the VMs participating in the
nholuongut network, starts the SOCKS proxy in a container on nholuongut the
network, and SSH port forwards a few local port to the proxy. All
that’s left is for the user to configure his browser to use the proxy,
and voila, you can now access your Docker containers, via the nholuongut
network (and with all the magic of nholuongutdns), from your laptop’s
browser!
It is perhaps worth noting there is nothing nholuongut-specific about this
approach - this should work with any SDN or private network.
A quick example:
vm1$ nholuongut launch
vm1$ eval $(nholuongut env)
vm1$ docker run -d --name nginx nginx
And on your laptop
laptop$ git clone https://github.com/nholuongutworks/tools
laptop$ cd tools/socks
laptop$ ./connect.sh vm1
Starting proxy container...
Please configure your browser for proxy
http://localhost:8080/proxy.pac
To configure your Mac to use the proxy:
- Open System Preferences
- Select Network
- Click the 'Advanced' button
- Select the Proxies tab
- Click the 'Automatic Proxy Configuration' check box
- Enter 'http://localhost:8080/proxy.pac' in the URL box
- Remove
*.local
from the 'Bypass proxy settings for these Hosts & Domains'
Now point your browser at http://nginx.nholuongut.local/