Documentation
HomePortalStatus

Expose an HTTP Proxy

Suggest Edits

Using Border0, running an authenticated (forward) HTTP(s) proxy service is easy. This allows clients to connect to your proxy TLS Socket, access the internet via your proxy, and access HTTP(s) based resources.

This is useful for cases where you need to make various internal HTTP resources available without the need to create many Sockets of type HTTP.

1 - Create and connect TLS proxy socket

The first step is to create a socket for this new proxy. The HTTP proxy is built on top of a TLS socket.
border0 socket create --type tls --name myproxy

Example:

$ border0 socket create --type tls --name myproxy
┌──────────────────────────────────────┬─────────┬─────────────────────────────────┬─────────┬──────┬─────────────┐
│ SOCKET ID                            │ NAME    │ DNS NAME                        │ PORT(S) │ TYPE │ DESCRIPTION │
├──────────────────────────────────────┼─────────┼─────────────────────────────────┼─────────┼──────┼─────────────┤
│ 7a87b31a-49f9-4a56-a2a0-42a0df4db180 │ myproxy │ myproxy-border0-demo.border0.io │ 19698   │ tls  │             │
└──────────────────────────────────────┴─────────┴─────────────────────────────────┴─────────┴──────┴─────────────┘

Policies:
┌─────────────┬────────────────────┬───────────────────┐
│ POLICY NAME │ POLICY DESCRIPTION │ ORGANIZATION WIDE │
├─────────────┼────────────────────┼───────────────────┤
│ default     │                    │ Yes               │
└─────────────┴────────────────────┴───────────────────┘

Optionally, you may limit the allowed hosts that the proxy will forward traffic for using the --allowed-host . You may repeat this flag multiple times to allow for multiple hosts. If this parameter is not used, the proxy will allow all hosts.

After the socket has been created, it's time to connect it up to the Border0 infrastructure: border0 socket connect proxy myproxy

$ border0 socket connect proxy myproxy
Welcome to Border0.com
myproxy - tls://myproxy-border0-demo.border0.io

=======================================================
Logs
=======================================================

Now that your proxy is running and ready for connections, it's time to test.

2 - Clients using your proxy

To start, make sure you're logged in as a client to your border0 organization: border0 client login --org <orgname>. Make sure to replace the orgname with your Border0 organization name.

Now we can start connecting to the socket and make the proxy available on localhost
Run border0 client proxy and pick your newly created proxy from the list.

$ border0 client proxy
? choose a host: myproxy-border0-demo.border0.io []
2023/08/03 14:58:29 Upstream connection 0 => Connected to myproxy-border0-demo.border0.io:20130
2023/08/03 14:58:29 service started, listening for connections on port 8080

The proxy service through the Border0 cloud is now available on localhost:8080. To start using your proxy, configure your browser to use localhost:8080 as an HTTP and HTTPS proxy.

3 - Test using Curl

As stated above, to start using your proxy, you'll need to configure your computer or browser to use a proxy. To quickly test our new proxy using curl we can use the -x flag. For example:

$ curl   -x http://127.0.0.1:8080 https://ifconfig.io
206.214.246.196

This requested the url https://ifconfig.io through the proxy on localhost. The website ifconfig.io will see the request come from where you run the proxy socket (ie, where you ran border0 socket connect proxy myproxy), so that's the IP address printed.

4 - Advanced usage

The border0 client proxy command has a few additional flags

$ border0 client proxy  --help
Connect a Border0 HTTP proxy

Usage:
  border0 client proxy [flags]

Flags:
  -c, --connections int   number of parallel connections to open to the Border0 service (default 1)
  -h, --help              help for proxy
  -p, --port int          port number to listen on (default 8080)
      --service string    The Border0 service identifier

Using the -p or --port flag, the user can change the default port 8080 to another port

Using the -c or --connections flag a user can start multiple upstream connections to the Border0 infrastructure. This is useful for when you expect a high volume of connections. By default, one connection is established; when multiple connections are requested, then we'll load balance the incoming proxy connections over the available pool of upstream connections. Up to 10 parallel connections are allowed.

Example

$ border0 client proxy --connections 4 --port 8080 --service myproxy-border0-demo.border0.io
2023/08/03 15:14:28 Upstream connection 0 => Connected to myproxy-border0-demo.border0.io:20130
2023/08/03 15:14:28 Upstream connection 1 => Connected to myproxy-border0-demo.border0.io:20130
2023/08/03 15:14:28 Upstream connection 2 => Connected to myproxy-border0-demo.border0.io:20130
2023/08/03 15:14:28 Upstream connection 3 => Connected to myproxy-border0-demo.border0.io:20130
2023/08/03 15:14:28 service started, listening for connections on port 8080

In the above example, the client connects to the socket called myproxy-border0-demo.border0.io which is an HTTP proxy. This will make the HTTP proxy available on port 8080 (localhost), setting up 4 upstream connections. The proxy traffic will be load-balanced over these connections for improved performance.

Updated 9 months ago