MyLittleProxy is a reverse proxy for cases where you cannot or do not want to expose entire development or testing environment to extranet, but also need to test an endpoint or single page.
For example, you need to test an Oauth flow or web callback from third-part service.
It is based on the modified koding/tunnel lib.
Server side receives incoming HTTP connections and tunnels them to clients based on assigned domain names.
Replies from clients are forwarded to requesting side via the same tunnel.
For example remote server sends HTTP POST to your feature.test.domain.com/callback
, this request is routed to 1234.pr.domain.com/feature/cb
guarded by firewall via tunnel. Reply from preproduction server is routed to caller.
sequenceDiagram
3rd party->>MLP Server: POST feature.test.domain.com/callback
MLP Server -->> MLP Proxy: tunnelled call
activate MLP Proxy
MLP Proxy ->> Preprod: POST 1234.pr.domain.com/feature/cb
Preprod ->> MLP Proxy: HTTP 201
MLP Proxy -->> MLP Server: tunneled response
deactivate MLP Proxy
MLP Server ->> 3rd party: HTTP 201
box intranet
participant MLP Proxy
participant Preprod
end
make build
This will generate two binaries and 2 default configs
It will receive HTTP commands from clients and incoming requests from web.
As of now server doesn't implement HTTPS connections, so you may want to set it up behind nginx or other proxy.
You may want to add a wildcard DNS record to automatically catch incoming connections.
{
"debug": true,
"listen": ":8080",
"signatureKey": "secretkey",
"allowedHosts": ["^.*\\.your-public-domain\\.com$"],
"allowedClients": ["1234"],
"controlPath" : "/customControlPath",
"controlMethod": "POST"
}
debug
Enable more human-readable log formatlisten
IP and port to listen to for incoming connections. This includes both control connections from clients and requests from the Web thus needs to be allowed by firewallsignatureKey
A secret key you share between server and clients. Client will use it to sign identifier while communicating with serverallowedHosts
List of regex rules to filter allowed domains names. If requested URL didn't match any it will fail witherror 400
allowedClient
List of client IDs allowed to use this server. If this list is empty then any client with valid signature will be allowed to connectcontrolPath
Use custom path for control protocol if default (/_controlPath
) interferes with your needs. Leave empty or remove from config to use default valuecontrolMethod
Custom HTTP method of control call. The default isPOST
.
server -c path/to/config.json
or just server
if the config.json
is in the same directory
{
"debug": true,
"identifier": "1234",
"serverAddress": "localhost:8080",
"signatureKey": "secretkey",
"controlPath" : "/customControlPath",
"controlMethod": "POST",
"proxy": {
"http": {
"domain": "1234.domain.com",
"target": "https://local.host",
"rewrite": [
{
"from": "/test",
"to": "/api/test"
}
]
}
}
}
debug
Enable more human-readable log formatidentifier
Set custom identifier. Leave empty if you want to automatically use the host name. If you use multiple instances of the same container image or VM with the same host name you really should set custom identifier per instance.serverAddress
Address of proxy serversignatureKey
Secret key shared between server and client to sign control calls from clientcontrolPath
Use custom path for control protocol if default (/_controlPath
) interferes with your needs. This field is optional but must match the same of server configcontrolMethod
Custom HTTP method of control call. The default isPOST
. This field is optional but must match the same of server configproxy.http.domain
Is the desired domain at the server side that will be routed to this clientproxy.http.target
Is the target host protocol and port. Requests will be routed to this hostproxy.http.rewrite
list of Regex expressions to rewrite paths in URLs. This list must contain at least one entry and may be as simple as a pair/ -> /
but then you risk to expose entire local web server. Only requests with matched path will be routed to client. You may use RegEx capture groups and replacements (e.g.$1
).
client -c path/to/config.json
or just client
if the config.json
is in the same directory
The BSD 3-Clause License - see LICENSE for more details