15

There is a nice trick to instantly serve contents of a current working directory by HTTP locally:

$ python -m SimpleHTTPServer

This command launches HTTP server at *:8000, serving $PWD contents.

I'm looking for something similar, but for setting up a reverse-proxy.

Something like this:

$ instant-reverse-http-proxy --listen-on 'http://localhost:8000/' --proxy-to 'https://example.com/path'`

So that 

$ GET http://localhost:8000/bar

would fetch https://example.com/path/bar.

Any clues?

Alexander Gladysh
  • 952
  • 2
  • 16
  • 31
  • For the http to http only case, tinyproxy works. Simple and minimal dependencies. For http to https, you'll need to drag in openssl somewhere, and also support rewriting host header and sni. So either socat or mitmproxy depending on your complexity. And moving up from that you have squid and nginx as full-blown overkill. Note for mitmproxy, the default is to mirror localhost/* to remote/*. If you want to map index to some directory on remote, you can write a handler to rewrite it. – 1110101001 Jan 08 '23 at 07:41
  • Maybe stunnel would also work. But I think the best solution here is writing a few 100 lines of go code, maybe something like https://gist.github.com/JalfResi/6287706 After trying out both mitmproxy and socat, I think just making use of Go stdlib is much cleaner, and gives you whatever configurability you need (e.g. add or replace headers, buffer or don't buffer, etc.) – 1110101001 Jan 09 '23 at 01:39

4 Answers4

9

socat?

# socat TCP-LISTEN:80,reuseaddr,fork,su=nobody TCP:www.dmz.mydomain.org:80

(from lorgor.blogspot and MIT)

# socat -vv OPENSSL-LISTEN:443,cert=cert.pem,cafile=cacert.pem, \
cert=cert.key,reuseaddr,fork TCP4:192.168.34.65:80

(from https://www.buntschu.net/blog/?p=242)

mwfearnley
  • 7,172
  • 5
  • 26
  • 38
RedGrittyBrick
  • 81,981
  • 20
  • 135
  • 205
  • 1
    The last link is dead, please correct for future comers – A.Essam Dec 19 '17 at 15:56
  • I think the first doesn't do what the OP asked, and the second does the opposite. This should do it: `socat TCP-LISTEN:8000,reuseaddr,fork ssl:example.com:443`. Throw in a `verify=0` if the certificate can't or doesn't have to be verified. – Johannes Bauer Aug 24 '23 at 12:59
5

I was faced with the exact same problem and became frustrated with the software that was around (and still am) and so I made proxyboi. Its purpose is to be an instant command-line only proxy without a configuration file. Give it a spin. Hopefully it helps you and others looking for a simple instant reverse proxy.

svenstaro
  • 440
  • 1
  • 5
  • 12
5

mitmproxy is a fully fledge proxy and http packet analysis tool. The best I've found so far.

For your use case:

mitmproxy --listen-port 8000 --mode reverse:https://example.com/path
TwidXuga
  • 51
  • 1
  • 1
0

Theres a node module for that: https://github.com/cha0s/kiss-proxy. Supports command line arguments and a config file for more complex situations.

Only downside with kiss-proxy is that it looks slightly dated and may not run on newer versions of node.

Dane Macaulay
  • 101
  • 2