How to work from behind proxies ? (with patch providing a partial solution)

John Arbash Meinel john at arbash-meinel.com
Thu Jul 27 13:49:44 BST 2006


Vincent LADEUIL wrote:
>>>>>> "Jan" == Jan Hudec <bulb at ucw.cz> writes:
> 
>     Jan> On Thu, Jul 27, 2006 at 10:39:03AM +0200, Vincent
>     Jan> LADEUIL wrote:
>     >> I encounter some problems while trying to share some
>     >> sources between two sites both behind a proxy.
>     >> 
>     >> The network involved is like this :
>     >> 
>     >> site F:
>     >> 
>     >> - bzr.dev/Solaris - strong proxy (http proxy requiring
>     >> authentication, ftp allowed if tunneled thru http) -
>     >> simple user of both host and network
> 
>     Jan> Most proxies (not all -- some actually check it starts
>     Jan> with an ssl handshake) don't check what's going on in an
>     Jan> https connection. So an easy solution is to run ssh on port
>     Jan> 443 if you are not serving secured web pages.
> 
> I thought of that, but I serve other secured web pages, but
> thanks for the hint.

Like the other post said, you can multiplex 443 because of differences
between SSH and HTTPS.
And if your proxy did check for an ssl handshake, you can still do
whatever you want after establishing an SSL connection, since it is an
encrypted pipe.
But that would require something custom on the client end as well.
Multiplexing on 443 just means you need to tell bzr to use
'sftp://host:443'.


You can also look at this page:
http://dag.wieers.com/howto/ssh-http-tunneling/

That seems like it works just based on having the 'proxytunnel' program
installed locally, and configuring Apache to proxy requests through port
443.

> 
>     Jan> The advantage is that it's easier to set up than webdavs
>     Jan> (many web proxies don't support webdav or don't support
>     Jan> all of it, so running over plain http may not work --
>     Jan> and besides it can be monitored).
> 
> webdav is already installed and works well for now but I don't
> know of any use of it by bzr.
> 
> Are there some public versions of the smart server lying around?
> I'll be happy to test it or even work (with limited resources) on
> it.
> 
>      Vincent

Martin is currently working on it. I know he has a branch here:
http://people.ubuntu.com/~mbp/repo/bzr.mbp.ssh/

But I know he has been working for a while, and that hasn't been updated
in a month.

John
=:->
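
Added example (not part of the original thread or of bzr): the "differences between SSH and HTTPS" mentioned above are visible in the first bytes a client sends, which is what both a port-443 multiplexer and a handshake-checking proxy look at. The function name and the sample byte strings are constructed for illustration.

```python
# Classify the first client bytes seen on a port-443 connection.
# All sample inputs below are constructed, not captured traffic.
import struct

SSH_PREFIX = b"SSH-"        # RFC 4253 identification string begins "SSH-"
TLS_HANDSHAKE = 0x16        # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01     # handshake message type: ClientHello
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'http', 'unknown' or 'need-more'."""
    if not data:
        # An SSH client may wait for the server banner before sending anything.
        return "need-more"
    if data.startswith(SSH_PREFIX):
        return "ssh"
    if SSH_PREFIX.startswith(data):
        return "need-more"              # partial "SSH-" prefix so far
    if data[0] == TLS_HANDSHAKE:
        if len(data) < 6:
            return "need-more"          # need record header + handshake type
        major, minor, length = struct.unpack("!BBH", data[1:5])
        # Record version 3.0-3.4, plausible record length, ClientHello type.
        if (major == 3 and minor <= 4 and 0 < length <= 2 ** 14
                and data[5] == TLS_CLIENT_HELLO):
            return "tls"
        return "unknown"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


if __name__ == "__main__":
    samples = {
        "ssh banner": b"SSH-2.0-ExampleClient_1.0\r\n",
        "tls hello": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + b"\x00" * 8,
        "plain http": b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
        "bad version": bytes([0x16, 0x02, 0x00, 0x00, 0x10, 0x01]),
    }
    for name, first in samples.items():
        print(f"{name:12s} -> {classify_first_bytes(first)}")
```

A 'tls' result only describes the outer handshake; once the session is established the inspector sees an encrypted pipe, so this check alone cannot tell what is carried inside it.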
