Skip to content

A Simple and transparent caching forward proxy with minimal dependencies. Useful for caching various package manager files like rpm, deb etc with in local network, especially while building containers. Can cache https request using MITM

License

Notifications You must be signed in to change notification settings

harish2704/node-proxy-kutti

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Proxy-kutti

Simple and transparent caching forward proxy server written in Nodejs.

Features

  • It has only one dependency ( node-forge )
    • it is used for creating self-signed certificates dynamically for MITM https proxy server.
  • By default configuration, it will indefinitely cache all http requests irrespective of their cache headers.
  • All cached data is transparently saved to a cache directory with simple file structure.
    • Contents are saved as it & headers are saved as a json file. It can be viewed/edited later
  • If Root CA certificates are provided, then MITM HTTPS proxy server will get enabled and HTTPS Traffic also will get cached.
  • We can specify URL rewrite rules to avoid caching of same data from different mirror sites.
    • This feature will help to work with default configuration of YUM/DNF utilities which will be using different mirrors in each time.

Installation

npm i proxy-kutti

Configuration

  • proxy-kutti will listen on 127.0.0.1:8080 by default ( without any configuration )
  • All the configuration variables can be permanently stored in configuration file
  • We can even specify different configuration file using PROXY_KUTTI_CONFIG environment variable.
  • All the values specified in configuration file can be overridden by setting corresponding PROXY_KUTTI_<config key> environment variable.
  • Multiple url_rewrites rules can be specified by providing space separated list of rewrite rules.
  • url_rewrite rule, follows format used by s subcommand of sed command. The first and last charecter of the rewrite rule should be same and the same charecter is used as separator.
  • To install root CA in a CentOS-7 system, do the following
    • root@host# cp <rootCA.*> /etc/pki/ca-trust/source/anchors/
    • root@host# update-ca-trust

Example Usage

env PROXY_KUTTI_host=0.0.0.0 npx proxy-kutti

shell Output

Proxy-kutti is running...

Using env variables
  PROXY_KUTTI_CONFIG=/home/user/.config/proxy-kutti/config.js

Current Configuration ( edit /home/user/.config/proxy-kutti/config.(json|js)  or set env variable PROXY_KUTTI_<config-key>=<value> to change )
  "port": 8080,
  "host": "0.0.0.0",
  "cache_dir": "/home/user/.cache/proxy-kutti",
  "root_ca_key": "/home/user/.config/proxy-kutti/rootCA.key",
  "root_ca_cert": "/home/user/.config/proxy-kutti/rootCA.pem",
  "url_rewrites": "#http://(.*)/7.7.1908/#http://mirrors.centos/7.7.1908/# #http[s]://(.*)epel/7/x86_64/#http://mirror.epel/7/x86_64/#"


Run the following command shell to start using this proxy
  export http_proxy=http://0.0.0.0:8080
  export https_proxy=http://0.0.0.0:8080

  
2020-03-22T20:21:33.624Z Miss GET https://example.com/making-request-for-first-time => /home/user/.cache/proxy-kutti/https/example.com/GET/making-request-for-first-time.data
2020-03-22T20:21:55.839Z Miss GET https://github.com/ => /home/user/.cache/proxy-kutti/https/github.com/GET/#index.data
2020-03-22T20:26:31.251Z Miss GET https://github.com/harish2704/node-proxy-kutti/archive/master.zip => /home/user/.cache/proxy-kutti/https/github.com/GET/harish2704/node-proxy-kutti/archive/master.zip.data
2020-03-22T20:27:23.087Z Miss GET https://example.com/again-making-those-requests => /home/user/.cache/proxy-kutti/https/example.com/GET/again-making-those-requests.data
2020-03-22T20:27:35.043Z Hit! GET https://github.com/ => /home/user/.cache/proxy-kutti/https/github.com/GET/#index.data
2020-03-22T20:27:38.237Z Hit! GET https://github.com/harish2704/node-proxy-kutti/archive/master.zip => /home/user/.cache/proxy-kutti/https/github.com/GET/harish2704/node-proxy-kutti/archive/master.zip.data

Configuring MITM proxy for HTTPS traffic.

To cache HTTPS traffic , a root CA certificate has to provided to proxy server. Then the same root CA has to be installed as a trusted CA on all the client systems. Otherwise "invalid issuer" error will raise during any https request.

openssl command line can be used to generated Root CA certificate. For details please use / refer the gist generate-certificate-openssl.sh

Root CA certificates has to be placed in the location pointed by root_ca_cert & root_ca_key configuration values.

Example structure of cache directory

.
└── https
    ├── example.com
    │   └── GET
    │       ├── again-making-those-requests.data
    │       ├── again-making-those-requests.data.meta
    │       ├── making-request-for-first-time.data
    │       └── making-request-for-first-time.data.meta
    └── github.com
        └── GET
            ├── harish2704
            │   └── node-proxy-kutti
            │       └── archive
            │           ├── master.zip.data
            │           └── master.zip.data.meta
            ├── #index.data
            └── #index.data.meta

About

A Simple and transparent caching forward proxy with minimal dependencies. Useful for caching various package manager files like rpm, deb etc with in local network, especially while building containers. Can cache https request using MITM

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published