Greetings, all,
I started wondering about how to send data from a sensor to a server that
is located across a firewall (and thus requires that the sensor set a proxy
host and so forth).
Team Instahack is providing the ability for the user to specify a proxy
host and port within the GUI and Command line. Once we have that
information from the user and available within sensor.properties, there are
two questions:
(1) How can hackyInstaller use these proxy settings to communicate with the
Hackystat server in order to download sensors?
(2) How can a running sensor (i.e. SensorShell) use these proxy settings in
order to send SOAP data to the server?
So, I did a little googling, and here's what I came up with:
-----------------------------------------------------------------------
From <http://www.soapuser.com/faq.html>:
My SOAP Service needs to make external connections to other sites but it is
behind a proxy server. How do I configure this?
[Francis Ho, 29 September 2001]
Suppose your proxy server is called "proxy.foo.com" and it is on port 9999.
There are a couple of ways of configuring Apache to use a proxy.
Solution A1, using the JVM capabilities to deal with proxies:
System.getProperties().put("proxySet","true");
System.getProperties().put("proxyHost","proxy.foo.com");
System.getProperties().put("proxyPort","9999");
Solution A2, for socks:
System.getProperties().put("socksProxyHost","socks.foo.com");
System.getProperties().put("socksProxyPort","1080");
Solution B1 (similar to solution A, for Tomcat):
set CATALINA_OPTS="-DproxyHost=proxy.foo.com -DproxyPort=9999"
Solution B2, for socks:
set CATALINA_OPTS="-DsocksProxyHost=socks.foo.com -DsocksProxyPort=1080"
Finally, you can also specify servers that won't be proxied with:
-DnonProxyHosts=CommaSeparatedListOfNonProxiedSites
---------------------------------------------------------------------------
---
If a FAQ entry from 2001 is to be believed, then enhancing Hackystat to
support proxy servers is trivially easy:
(a) HackyInstaller must ensure that sensor.properties contains the
following properties, with whatever settings are appropriate as specified
by the user:
proxySet=true
proxyHost=proxy.foo.com
proxyPort=9999
socksProxyHost=socks.foo.com
socksProxyPort=1080
HackyInstaller must also add these values to its own System properties
instance whenever the user has them specified or modified (and add them to
its System properties on startup if they aren't there already).
That would appear to be it on the client side: hackyInstaller can now
communicate through the specified proxy, and since all of the properties in
sensor.properties are added to the System properties automatically when a
sensorshell starts up, the sensors can now send data through the proxy.
(b) If a server needs to communicate through a proxy, then the Hackystat
administrator just adds the appropriate info to the CATALINA_OPTS variable
prior to starting up Hackystat. (To "implement" this, we simply update the
administrator documentation.)
So, my questions to the Hackystat Hacker community are:
* Am I hallucinating? Is it really this easy?
* How do you test this? I've never actually been behind a proxfied
firewall, nor have I access to one as far as I know. Any ideas?
Cheers,
Philip
