Excellent info from Cedric!
------------ Forwarded Message ------------
Date: Saturday, September 17, 2005 2:22 PM -1000
From: "(Cedric) Qin ZHANG" <[EMAIL PROTECTED]>
To: Philip Johnson <[EMAIL PROTECTED]>
Subject: Re: [HACKYSTAT-DEV-L] Proxy hosts support in Hackystat
clients/servers.
> * How do you test this? I've never actually been behind a proxfied
> firewall, nor have I access to one as far as I know. Any ideas?
Proxy server does not necessarily have to be used in conjunction with a
firewall. There are public proxy servers that we can use to test our
installer and sensors __manually__.
A list can be found at
http://www.publicproxyservers.com/index.html
I once used some of them with my browser for fun, they do work except that
internet access speed is extremely slow.
There is no guarantee that those public proxy servers is always up. They
are not good for automated test in our nightly build.
Cheers,
Cedric
Philip Johnson wrote:
Greetings, all,
I started wondering about how to send data from a sensor to a server
that is located across a firewall (and thus requires that the sensor set
a proxy host and so forth).
Team Instahack is providing the ability for the user to specify a proxy
host and port within the GUI and Command line. Once we have that
information from the user and available within sensor.properties, there
are two questions:
(1) How can hackyInstaller use these proxy settings to communicate with
the Hackystat server in order to download sensors?
(2) How can a running sensor (i.e. SensorShell) use these proxy settings
in order to send SOAP data to the server?
So, I did a little googling, and here's what I came up with:
-----------------------------------------------------------------------
From <http://www.soapuser.com/faq.html>:
My SOAP Service needs to make external connections to other sites but it
is behind a proxy server. How do I configure this?
[Francis Ho, 29 September 2001]
Suppose your proxy server is called "proxy.foo.com" and it is on port
9999. There are a couple of ways of configuring Apache to use a proxy.
Solution A1, using the JVM capabilities to deal with proxies:
System.getProperties().put("proxySet","true");
System.getProperties().put("proxyHost","proxy.foo.com");
System.getProperties().put("proxyPort","9999");
Solution A2, for socks:
System.getProperties().put("socksProxyHost","socks.foo.com");
System.getProperties().put("socksProxyPort","1080");
Solution B1 (similar to solution A, for Tomcat):
set CATALINA_OPTS="-DproxyHost=proxy.foo.com -DproxyPort=9999"
Solution B2, for socks:
set CATALINA_OPTS="-DsocksProxyHost=socks.foo.com -DsocksProxyPort=1080"
Finally, you can also specify servers that won't be proxied with:
-DnonProxyHosts=CommaSeparatedListOfNonProxiedSites
-------------------------------------------------------------------------
-- ---
If a FAQ entry from 2001 is to be believed, then enhancing Hackystat to
support proxy servers is trivially easy:
(a) HackyInstaller must ensure that sensor.properties contains the
following properties, with whatever settings are appropriate as
specified by the user:
proxySet=true
proxyHost=proxy.foo.com
proxyPort=9999
socksProxyHost=socks.foo.com
socksProxyPort=1080
HackyInstaller must also add these values to its own System properties
instance whenever the user has them specified or modified (and add them
to its System properties on startup if they aren't there already).
That would appear to be it on the client side: hackyInstaller can now
communicate through the specified proxy, and since all of the properties
in sensor.properties are added to the System properties automatically
when a sensorshell starts up, the sensors can now send data through the
proxy.
(b) If a server needs to communicate through a proxy, then the Hackystat
administrator just adds the appropriate info to the CATALINA_OPTS
variable prior to starting up Hackystat. (To "implement" this, we
simply update the administrator documentation.)
So, my questions to the Hackystat Hacker community are:
* Am I hallucinating? Is it really this easy?
* How do you test this? I've never actually been behind a proxfied
firewall, nor have I access to one as far as I know. Any ideas?
Cheers,
Philip
---------- End Forwarded Message ----------
