#16650: Set up domain fronting for BridgeDB
-------------------------------------------------+-------------------------
 Reporter:  isis                                 |          Owner:  isis
     Type:  enhancement                          |         Status:  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Obfuscation/BridgeDB                 |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  bridgedb-dist, bridgedb-usability,   |  Actual Points:
  tbb-wants, usability, bridge-distribution,     |
  TorCoreTeam201608                              |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by dcf):

Replying to [comment:13 isis]:
> The new Google developer account is configured, and the meek reflector is installed. meek-server is also installed on polyanthum, as mentioned above. Both appear to be working, but they don't want to talk to each other through the Apache reverse proxy. (Which doesn't matter all that much right now, since there's nothing for them to talk ''to'' until #7520 is implemented.) Still, some help from someone with Apache wizardry skills would be nice.
>
> Right now the XXXXXXXXXXXXXX.appspot.com domain is forwarding requests to bridges.torproject.org:2000, where Apache appears to be picking it up and then not forwarding to meek.

The way I pictured it working (might not actually work since I didn't try it):
 * Run meek-server listening on 127.0.0.1:2000 (i.e., not listening externally) with ORPort 127.0.0.1:443
 * XXXXXXXXXXXXXX.appspot.com forwards to https://bridges.torproject.org/meek (i.e., to port 443, not 2000, and with a path that marks it for ProxyPass forwarding)
 * `ProxyPass /meek/ http://127.0.0.1:2000/` recognizes the forwarded appspot requests through the /meek/ path and sends them to meek-server on localhost
 * meek-server then forwards the tunneled TLS back to the HTTPS port.

The way this would look on the client side is something like:
{{{
export TOR_PT_MANAGED_TRANSPORT_VER=1
export TOR_PT_CLIENT_TRANSPORTS=meek
meek-client --url https://XXXXXXXXXXXXXX.appspot.com/ --front www.google.com
}}}
meek-client will output a line like `CMETHOD meek socks5 127.0.0.1:YYYYY` telling you it is listening on port YYYY.

And then, download a page through the tunnel with
{{{
curl --proxy socks4a://127.0.0.1:YYYY https://bridges.torproject.org/
}}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16650#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online