How to work from behind proxies ? (with patch providing a partial solution)

Vincent LADEUIL v.ladeuil at alplog.fr
Thu Jul 27 15:45:55 BST 2006


>>>>> "jam" == John Arbash Meinel <john at arbash-meinel.com> writes:

    jam> Vincent LADEUIL wrote:
    >>>>>>> "Jan" == Jan Hudec <bulb at ucw.cz> writes:
    >>
    Jan> On Thu, Jul 27, 2006 at 10:39:03AM +0200, Vincent
    Jan> LADEUIL wrote:
    >> >> I encounter some problems while trying to share some
    >> >> sources between two sites both behind a proxy.
    >> >>
    >> >> The network involved is like this :
    >> >>
    >> >> site F:
    >> >>
    >> >> - bzr.dev/Solaris
    >> >> - strong proxy (http proxy requiring authentication,
    >> >>   ftp allowed if tunneled thru http)
    >> >> - simple user of both host and network
    >> 
    Jan> Most proxies (not all -- some actually check it starts
    Jan> with ssl handshake) don't check what's going on https
    Jan> connection. So an easy solution is to run ssh on port
    Jan> 443 if you are not serving secured web pages.
    >>  I thought of that, but I serve other secured web pages,
    >> but thanks for the hint.

    jam> Like the other post said, you can multiplex 443 because
    jam> of differences between SSH and HTTPS.  And if your proxy
    jam> did check for an ssl handshake, you can still do
    jam> whatever you want after establishing an SSL
    jam> connection. Since it is an encrypted pipe.  But that
    jam> would require something custom on the client end as
    jam> well.  Multiplexing on 443 just means you need to tell
    jam> bzr to use 'sftp://host:443'.


Does that confirm that sftp is the only protocol allowing 'bzr
push' yet?

And as you didn't answer the other points in the original
mail, does that mean that you consider using pycurl from behind a
restricted firewall not worth the effort? Or is it just that
sftp is better considering my encryption requirement?

    jam> You can also look at this page:
    jam> http://dag.wieers.com/howto/ssh-http-tunneling/

That looks promising (I still need to make H a FQDN host (only
static IP for now), but that's the best solution so far).

That's still intrusive for the general case (that creates more
dependencies to install before using bzr).

    jam> That seems like it works just based on having the
    jam> 'proxytunnel' program installed locally, and configuring
    jam> Apache to proxy requests through port 443.

I will try it.


<snip/>

    jam> Martin is currently working on it. I know he has a
    jam> branch here:
    jam> http://people.ubuntu.com/~mbp/repo/bzr.mbp.ssh/

I'll have a look.

    jam> But I know he has been working for a while, and that
    jam> hasn't been updated in a month.

Ok.

Thanks for your replies,

       Vincent
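
The difference between SSH and HTTPS that the quoted reply relies on shows up in the first bytes the client sends, which is also all that a proxy checking for an SSL handshake can inspect. The sketch below is an added example, not code from this thread or from bzr; the function names and the sample byte strings are constructed for illustration.

```python
"""Classify the first bytes a client sends to a listener shared on port 443."""

SSH_PREFIX = b"SSH-"      # RFC 4253 identification string: "SSH-2.0-<software>\r\n"
TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01   # handshake message type: ClientHello


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'unknown' or 'need-more' for a connection prefix."""
    if not data:
        return "need-more"
    # A partial "SSH-" prefix cannot be decided yet.
    if len(data) < 4 and SSH_PREFIX.startswith(data):
        return "need-more"
    if data.startswith(SSH_PREFIX):
        return "ssh"
    if data[0] == TLS_HANDSHAKE:
        # Record header: type(1) version(2) length(2), then handshake type(1).
        if len(data) < 6:
            return "need-more"
        if data[1] == 0x03 and data[5] == TLS_CLIENT_HELLO:
            return "tls"
    return "unknown"


# Constructed samples: not captured traffic.
SAMPLES = {
    "ssh client banner": b"SSH-2.0-ExampleClient_1.0\r\n",
    "tls client hello": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B]),
    "plain http": b"GET / HTTP/1.1\r\n",
    "truncated tls": bytes([0x16, 0x03, 0x01]),
}


def classify_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {name: classify_first_bytes(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:20} -> {verdict}")
```

A client that stays silent until the server speaks keeps returning 'need-more', so a listener built on this check needs a timeout policy. The check says nothing about what is carried inside a TLS session once the handshake has been accepted.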



