Skip to content
cjhaas blog

Basically a place that Chris can post solutions to problems so he can easily find them later

cjhaas blog

Basically a place that Chris can post solutions to problems so he can easily find them later

Living the proxy life

Posted on April 4, 2023 By [email protected]

For local development, we use the Symfony binary which allows us to both use regular host names such as example.wip (work in progress), as well as a TLS certificate so we can use HTTPS. Very awesome.

After setup, you just need to add a proxy pac file to your browser/OS which has this very simple rule:

    // Proxy local development
    if (dnsDomainIs(host, '.wip')) {
            return 'PROXY 127.0.0.1:7080';
    }

One of our clients has some of their web servers under IP lockdown, and now that I’m working from home, safe-listing my home IP is technically possible, they just don’t really like to do that to home IPs which comes from a DHCP pool. I get it.

VPN is the obvious choice, however, due to a bug in UniFI and/or strongSwan, when connecting two users on the same remote network to our VPN, only the first can every succeed and the second person ends up in a limbo, and since my wife and I both work at the same office and need to VPN, that’s not an option. Luckily for us, I can just setup a site-to-site VPN and bridge the two networks. That’s been going great for the past several years until now.

Since we are remodeling our office, we’re back to working from home again. (I’m not really sure how many times we’ve done this now. Lockdown was #1. Literally the day we returned to the office Lumen went down, so we all went back home again, that was #2. I think over the past 2 years I’ve sent employees home 3 or 4 times because of Lumen outages.)

My temporary fix has been to hotspot my laptop and then VPN over that. That works, but has been a pain. But now I’m back to my desktop which doesn’t have Wi-Fi. I could get an adapter, but I really need to live on this connection and a hotspot isn’t going to cut it.

Enter the proxies

My first fix was to install a virtual machine on my Synology so that I could install Ubuntu and ultimately the Squid proxy. That was all pretty straightforward, and I set my computer to proxy through that server on port 3128 and it just worked. Yay!

Except.

Now my Symfony proxy was broken.

Well, back to that setup script, looks like I just needed to modify it to route local dev through one proxy, and then other traffic through the corporate one. While doing that I also realized that I could only send a subset of traffic through it, too, instead of all of my HTTP/HTTP traffic.

function FindProxyForURL (url, host) {

        // Proxy local development
        if (dnsDomainIs(host, '.wip')) {
                return 'PROXY 127.0.0.1:7080';
        }

        // Run certain domains through corporate proxy
        if (dnsDomainIs(host, "xyz.example.com") || dnsDomainIs(host, "abc.example.com")) {
                return 'PROXY 192.168.1.28:3128';
        }

        return 'DIRECT';
}

Then I just installed a quick webserver on the proxy machine, put that file out on it and set my computer to use that for a setup script. Yay again!

SSH proxy

The next step is tunneling SSH traffic.

During the Ubuntu installation I of course turned on OpenSSH in order to administer the server, and out of the box it can tunnel SSH traffic. On the command line you can just issue a command such as:

ssh -J [email protected] [email protected]

I’ve got two problems related to that command however:

  1. First, I have different keys for my local machine and my client machine, so I need to provide multiple identify files
  2. Second, I need to jump from my home, to the office, and then on to the client, so I need multiple hops

Enter the ~/.ssh/config file.

I generally don’t use this file that much. Nothing against it, just never had much of a need. I know the hosts I’m connecting to, and either I’ve got a set of known keys I use, or I just add -i when I SSH to specify.

But this file actually solves both of my problems because I can specify IdentityFile for each host, as well as ProxyJump to identify the server that needs to be connected to first.

So a sample file might look like:

Host corporate-jump-server
    HostName 192.168.1.28
    User my-user-account
    IdentityFile ~/.ssh/id_ed25519

Host client-jump-server
    ProxyJump corporate-jump-server
    HostName 3.3.256.256
    User remote-user-123
    IdentityFile ~/.ssh/client-key.pem

Host client-server
    ProxyJump client-jump-server
    HostName 5.5.256.256
    User remote-user-456
    IdentityFile ~/.ssh/client-key-2.pem

Then to get to 5.5.256.256 I just run ssh client-server and all of the jumps are taken care of for me.

Ignoring the actual Ubuntu installation itself, I spent more time writing this blog post than setting up those proxies. Very quick and easy, and I didn’t need to mess with my own computer that much so that when we go back to the office I don’t have to spend a bunch of time undoing things.

SSH

Post navigation

Previous post
Next post

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent Posts

  • Google open redirect
  • How to use AI to write code
  • Doctrine/Symfony MariaDB DSN connection string
  • Creating a portable copy of pdftotext from source
  • Gravity Forms shortcode getting extra line breaks when used with ACF

Recent Comments

  • jose luis on #2 – VB.Net iTextSharp Tutorial – Add an image to a document
  • Eliezer Castanon on iTextSharp slightly smarter text extraction strategy
  • javad on How to recompress images in a PDF using iTextSharp
  • MANOUS3784 on Flock is awesome
  • Sang on Flock is awesome

Archives

  • June 2026
  • October 2025
  • November 2023
  • September 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • December 2022
  • September 2022
  • April 2022
  • October 2021
  • September 2021
  • April 2021
  • January 2021
  • October 2020
  • August 2020
  • June 2020
  • May 2020
  • December 2019
  • November 2019
  • October 2019
  • July 2019
  • May 2019
  • December 2018
  • October 2018
  • July 2018
  • November 2017
  • October 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • September 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • November 2013
  • May 2013
  • April 2013
  • March 2013
  • January 2013
  • November 2012
  • October 2012
  • July 2012
  • March 2012
  • January 2012
  • October 2011
  • September 2011
  • July 2011
  • February 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • June 2010
  • April 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009

Categories

  • Accessibility
  • Advanced Custom Fields
  • Authorize.Net
  • BWP Minify
  • Composer
  • Crappy Google Search Results of the Day
  • CSS
  • Doctrine
  • Drupal
  • Drush
  • Elasticsearch
  • Fun links of the day
  • Google Analytics
  • Gravity Forms
  • HHVM
  • HTML
  • iTextSharp
  • JavaScript
  • Linux
  • mysql
  • nginx
  • Optimization
  • PDF
  • PdfPTable
  • PHP
  • Plugins
  • Ramblings
  • Random things I learned
  • Redis
  • Security
  • simplesamlphp
  • SQL Server
  • SSH
  • SSL/TLS/HTTPS
  • Stack Overflow
  • SVG
  • Symfony
  • Synology
  • Uncategorized
  • Unicode
  • Varnish
  • Vendi Best Practice
  • VIP
  • Weird Google Search Results
  • Windows
  • WordPress
  • WP-CLI

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
©2026 cjhaas blog | WordPress Theme by SuperbThemes