Difference between revisions of "Proxy"
(combined with content from "SSL Image Proxy" page which will redirect here) |
m (document hotlink_domain) |
||
(One intermediate revision by the same user not shown) | |||
Line 20: | Line 20: | ||
That will create a binary called <code>proxy</code> in <code>$LJHOME/src/proxy</code>. Run that: | That will create a binary called <code>proxy</code> in <code>$LJHOME/src/proxy</code>. Run that: | ||
− | ./proxy -salt_file=$LJHOME/ext/local/etc/proxy-salt | + | ./proxy -salt_file=$LJHOME/ext/local/etc/proxy-salt -hotlink_domain=yourdomain.example.org |
+ | |||
+ | The domain here will be used to check Referer headers so your proxy URLs will not be valid on other sites. It should be a common suffix of all URLs on your site (e.g., example.com, not www.example.com, if your user pages will be like username.example.com). | ||
== Proxy URL in your 'hack == | == Proxy URL in your 'hack == |
Latest revision as of 20:35, 12 April 2016
What it's for
Dreamwidth's SSL image caching proxy is a web service that:
- listens for requests for embedded content served via HTTP
- downloads and caches the requested content
- returns a temporary HTTPS link to that content
This process allows Dreamwidth to successfully display insecure (http:) offsite content on a securely viewed (https:) page. Without the proxy, either the insecure content would be hidden, or browser warnings would be generated. The cached content expires every few hours, to avoid DMCA concerns.
Building the proxy server
The source code for the proxy is written in Go and can be found here: https://github.com/dreamwidth/dw-free/blob/develop/src/proxy/main.go
It's probably more useful (and usable) on stand-alone dev environments than on dreamhacks. To build the executable:
cd $LJHOME/src/proxy go build
That will create a binary called proxy
in $LJHOME/src/proxy
. Run that:
./proxy -salt_file=$LJHOME/ext/local/etc/proxy-salt -hotlink_domain=yourdomain.example.org
The domain here will be used to check Referer headers so your proxy URLs will not be valid on other sites. It should be a common suffix of all URLs on your site (e.g., example.com, not www.example.com, if your user pages will be like username.example.com).
Proxy URL in your 'hack
To enable generation of the proxy URL in your 'hack, set these in your config:
$PROXY_SALT_FILE = "$LJHOME/ext/local/etc/proxy-salt"; $PROXY_URL = "https://proxy.hack.dw"; $USE_SSL = 1;
You'll need to create the proxy-salt file. Contents of proxy-salt are just a string, preferably long with randomly generated characters.
You'll also want something in front of the proxy to handle https negotiation. I recommend nginx. Sample config that will work:
server { listen 443 ssl; server_name proxy.hack.dw; sendfile off; location / { proxy_pass http://127.0.0.1:6250; proxy_redirect off; } }
(for dev) Make sure you've also got an /etc/hosts entry for `proxy.hack.dw`.