Installing phpMyProxy in Ubuntu

Download phpMyProxy_1.0.3.zip and extract it into the web host directory.

$unzip phpMyProxy_1.0.3.zip /var/www

phpMyProxy requires the client URL library for PHP.

$ sudo apt-get install php5-curl

Modify the proxy.config.php file; it’s recommended to change the 'url_var_name' from 'q' to something else like 'url' otherwise Google search would not work with phpMyProxy.

To hide your traffic it’s recommend do encryption with SSL which can be easily setup with Apache.

Browsing Futureshop.ca with phpMyProxy

Related posts:

1. Apache mod_proxy and Reverse Proxy
2. Surfing the Web using SSH Tunnel
3. Integrating Tomcat and Apache Using Proxy

Configuring BdtWebServer

Mono XSP is a lightweight and simple webserver written in C# which runs run ASP.NET applications.

To install Mono XSP run the following:

$ apt-get install mono-xsp2
$ apt-get install libmono-system-runtime2.0-cil

To ensure that XSP is properly installed you can install the ASP.NET 1.1 and 2.0 demo pages.

$ apt-get install asp.net2-examples
$ xsp2 --applications /:/usr/share/asp.net2-demos

When the server has successfully started, point your browser to http://localhost:8080 (the default port for XSP web server is 8080) to display the web page below:

ASP.NET Examples

If the following error is encountered:

System.InvalidOperationException: Standard output has not been redirected or process has not been started.

Run the following command to address the issue:

ln -s /usr/bin/gmcs2 /usr/bin/gmcs

Now the BdtWebServer is ready to be started:

xsp2 --port 8080 --nonstop --applications /:/opt/bdt.bin.1.4.3066.mono/BdtWebServer

--nonstop don’t stop the server by pressing enter. Must be used when the server has no controlling terminal.

Configuring BdtClient

Setting up the BdtClient to establish a connection to BdtWebServer is similar to BdtServer with the exception that the name attribute is set to BdtServer.soap in the service tag of the configuration file.

<service name="BdtServer.soap" .../>

Security Issue

When hosting the BdtWebServer application in a web server the BdtServerCfg.xml (which contains the username and passwords) will be exploit when you point the web browser http://my.server:8080/BdtServerCfg.xml.

To address this issue I setup XSP to integrate with Apache/mod_proxy by configuring the following Apache configuration to forbid access to BdtServerCfg.xml

    <Location /BdtServerCfg.xml>
        Order deny,allow
        Deny from all
    </Location>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyRequests off
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

Finally, I setup a firewall to block port 8080 from public access.

Related posts:

1. HTTP Tunnel Through ISA Server
2. Building Mono from Source
3. SSH through HTTP Proxies

BoutDuTunnel is an open source project written in C# and is compatible with HTTP proxy servers, even if they use NTLM authentication (like ISA Server) and even if they prohibit the “connect method”.

To setup BoutDuTunnel on Ubuntu I had to install Mono.  When using Mono 2.0.1 or 2.4 an error occurred Unexpected binary element: 21 when running the BdtClient.exe. Therefore I installed Mono 1.9.1 by building it from the source.

Instead of installing the latest version of BoutDuTunnel, I installed 1.4.3066 because an error would occur on the BoutDuTunnel server moments after the BoutDuTunnel client connected to it.

Unhandled Exception: System.MethodAccessException: Method `Bdt.Server.Service.TunnelSession:CheckTimeout (Bdt.Shared.Logs.ILogger)' is inaccessible from method `Bdt.Server.Service.TimeoutObject:CheckTimeout (Bdt.Shared.Logs.ILogger,System.Collections.Generic.Dictionary`2)'

Setting Up the HTTP Tunnel

Setting Up BdtServer (on the home computer)

The BdtServer can be setup through the command line or hosted inside Apache/mod_mono.  To setup BdtServer with the command line extract the BoutDuTunnel and modify the BdtServer configuration file.

$ unzip bdt.bin.1.4.3066.mono.zip
$ cd bdt.bin.1.4.3066.mono/BdtServer
$ nano BdtServerCfg.xml

The configuration file is well commented and should be similar to the following:

Configure binary stream/HTTP as the communication protocol to be used.

<service
name     = "BdtServer"
protocol = "Bdt.Shared.Protocol.HttpBinaryRemoting"
port     = "8080"
/>

Require user be authenticated before establishing a communication.

<users>
<username
enabled  = "true"
password = "password"
/>
</users>

To start up BdtServer execute the following:

$ cd bdt.bin.1.4.3066.mono/BdtServer/
$ mono BdtServer.exe

Setting Up BdtClient (on the office computer)

There are two types of client available for BoutDuTunnel:

• BdtClient run by the command line
• BdtGuiClient which provides a GUI interface

To setup BdtClient modify the BdtClientCfg.xml configuration file.

Configure hostname and communication protocol for server with BdtServer.

  <service
    name     = "BdtServer"
    protocol = "Bdt.Shared.Protocol.HttpBinaryRemoting"
    address  = "my.server"
    port     = "8080"
    username = "my.username"
    password = "my.password"
  />

Configure the proxy/ISA server to be used.

  <proxy
    enabled  = "true">
    <authentification
      auto     = "false"
      username = "proxy.username"
      password = "proxy.password"
      domain   = "proxy.domain"
    />
    <configuration
      auto     = "false"
      address  = "proxy.hostname"
      port     = "proxy.port"
    />
  </proxy>

Configure the ports to be forwarded.

  <forward>
    <port22
      shared  = "false"
      enabled = "true"
      address = "my.ssh.server"
      port    = "22"
    />
  </forward>

Run the BoutDuTunnel client to establish a tunnel connection to the BdtServer.

C:\bdt.bin.1.4.3066.mono\BdtClient>BdtClient

Now a SSH connection can be establish to your home computer by connecting through localhost:22

Related posts:

1. Installing BoutDuTunnel Server on Mono XSP
2. SSH through HTTP Proxies
3. Surfing the Web using SSH Tunnel

The first requirement is to have a remote host running an SSH server. e.g. a box at home running OpenSSH. Then, you need to have an SSH client installed on your local machine, for Windows you can use PuTTY.

Establish an SSH tunnel using PuTTY:

Create a new PuTTY session

Run PuTTY and create a new session to connect to the remote host. Fill in the hostname, the port (usually 22), make sure SSH is checked.

Configure the Secure Tunnel

Click on “Tunnels” on the left panel to set up dynamic fowarding for a local port. Under “Add new forwarded port” type in the port number (e.g. 4080) for the source port, leave the destination blank, and check Auto and Dynamic. Then click the “Add” button. You should see D4080 listed in the “Forwarded Ports” box.

Establish an SSH tunnel on Linux:

Use the following command:

$ ssh -D 4080 username@remote_host_server

The tunnel is created when you login to the SSH server.

Configuring Your Web Browser:

To use the SSH tunnel as a SOCKS proxy you need to change the connection settings in the browser.

In the Firefox Connection Settings:

• Check “Manual Proxy Configuration:”
• Fill in 127.0.0.1 for the “SOCKS Host:” and 4080 for “Port:”
• Check “SOCKS v5″

Once everything is done you are now surfing the web securely.

Related posts:

1. Remote Desktop with SSH Tunneling
2. SSH through HTTP Proxies
3. HTTP Tunnel Through ISA Server

To create a HTTP tunnel I chose to use the GNU HTTP Tunnel software which does the work to encapsulate TCP into HTTP requests. For the Windows platform a binary version is also available

Setting up the tunnel

On the home computer (server):

Install the GNU HTTP Tunnel with the following command:

$ apt-get install httptunnel

Start the HTTP Tunnel server:

$ hts --forward-port localhost:22 8080

Here the HTTP Tunnel server receives HTTP requests through port 8080, decapsulates and re-assembles the ssh stream and forwards it to port 22, the SSH server.

On the office computer (client):

Start the HTTP Tunnel client:

$ htc --forward-port 900 --proxy OfficeProxy:8080 HomeComputer:8080

Here the HTTP Tunnel client listens on port 900 for a ssh stream, as well it establishes a TCP connection which can pass data back and forth to the home computer through the HTTP proxy.

If the proxy requires authentication, add --proxy-authorization username:password to the htc command line.

Finally to establish a SSH connection run the following:

$ ssh username@localhost:900

For information: Punching holes into firewalls

Related posts:

1. HTTP Tunnel Through ISA Server
2. Surfing the Web using SSH Tunnel
3. Remote Desktop with SSH Tunneling

Apache can be configured in both a forward and reverse proxy mode. Only reverse proxy will be discussed in this section.

A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently.

Note: A reverse proxy is activated using the ProxyPass directive. It is not necessary to turn ProxyRequests on in order to configure a reverse proxy.

Setting Up Reverse Proxy

Enable the mod_proxy module

$ a2enmod proxy

Enable the mod_proxy_http module if you are going to proxy to a http protocol

$ a2enmod proxy_http

Add the following to the /etc/apache2/httpd.conf or a virtual host site in /etc/apache2/sites-available:

ProxyRequests Off
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

ProxyPreserveHost on
ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar

For more information on mod_proxy refer to the Apache documentation at http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

Related posts:

1. Integrating Tomcat and Apache Using Proxy
2. Apache for Ubuntu Quickstart Guide
3. Configuring Apache for SSL Support