[tor-bugs] #16650 [Obfuscation/BridgeDB]: Set up domain fronting for BridgeDB
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Apr 23 01:43:08 UTC 2017
#16650: Set up domain fronting for BridgeDB
-------------------------------------------------+-------------------------
 Reporter:  isis                                 |          Owner:  isis
     Type:  enhancement                          |         Status:  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Obfuscation/BridgeDB                 |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  bridgedb-dist, bridgedb-usability,   |  Actual Points:
  tbb-wants, usability, bridge-distribution,     |
  TorCoreTeam201608                              |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Comment (by dcf):
Replying to [comment:13 isis]:
> The new Google developer account is configured, and the meek reflector
> is installed. meek-server is also installed on polyanthum, as mentioned
> above. Both appear to be working, but they don't want to talk to each
> other through the Apache reverse proxy. (Which doesn't matter all that
> much right now, since there's nothing for them to talk ''to'' until #7520
> is implemented.) Still, some help from someone with Apache wizardry skills
> would be nice.
>
> Right now the XXXXXXXXXXXXXX.appspot.com domain is forwarding requests
> to bridges.torproject.org:2000, where Apache appears to be picking it up
> and then not forwarding to meek.
The way I pictured it working (might not actually work since I didn't try
it):
* Run meek-server listening on 127.0.0.1:2000 (i.e., not listening
externally) with ORPort 127.0.0.1:443
* XXXXXXXXXXXXXX.appspot.com forwards to
https://bridges.torproject.org/meek (i.e., to port 443, not 2000, and with
a path that marks it for ProxyPass forwarding)
* `ProxyPass /meek/ http://127.0.0.1:2000/` recognizes the forwarded
appspot requests through the /meek/ path and sends them to meek-server on
localhost
* meek-server then forwards the tunneled TLS back to the HTTPS port.
The way this would look on the client side is something like:
{{{
export TOR_PT_MANAGED_TRANSPORT_VER=1
export TOR_PT_CLIENT_TRANSPORTS=meek
meek-client --url https://XXXXXXXXXXXXXX.appspot.com/ --front www.google.com
}}}
meek-client will output a line like `CMETHOD meek socks5 127.0.0.1:YYYYY`
telling you it is listening on port YYYYY. And then, download a page
through the tunnel with
{{{
curl --proxy socks5h://127.0.0.1:YYYYY https://bridges.torproject.org/
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16650#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
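
Added example, not part of the ticket comment or of the meek project: a shell function that reads the managed-transport lines a client such as meek-client prints and returns the matching curl --proxy URL for the test described above, refusing a listener that is not bound to loopback. The function name, the sample output and port 54321 are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a pluggable-transport client's stdout into a curl
# --proxy URL. Line grammar (managed-transport protocol, version 1):
#   CMETHOD <transport> <socks4|socks5> <addr:port>
#   CMETHOD-ERROR <transport> <message>
#   CMETHODS DONE

# Constructed sample output; 54321 is a made-up port.
SAMPLE_PT_OUTPUT='VERSION 1
CMETHOD meek socks5 127.0.0.1:54321
CMETHODS DONE'

cmethod_to_curl_proxy() {
    want=$1
    while read -r keyword name proto addr rest; do
        case $keyword in
            CMETHOD-ERROR)
                [ "$name" = "$want" ] || continue
                echo "transport $want failed: $proto $addr $rest" >&2
                return 1 ;;
            CMETHODS) break ;;
            CMETHOD)
                [ "$name" = "$want" ] || continue
                # The socks5h / socks4a schemes make curl hand the hostname
                # to the proxy instead of resolving it locally.
                case $proto in
                    socks5) scheme=socks5h ;;
                    socks4) scheme=socks4a ;;
                    *) echo "unexpected SOCKS version: $proto" >&2; return 1 ;;
                esac
                host=${addr%:*} port=${addr##*:}
                case $port in ''|*[!0-9]*) echo "bad port: $addr" >&2; return 1 ;; esac
                # A client-side listener should be bound to loopback only.
                case $host in
                    127.*|'[::1]') ;;
                    *) echo "listener not on loopback: $addr" >&2; return 1 ;;
                esac
                printf '%s://%s\n' "$scheme" "$addr"
                return 0 ;;
        esac
    done
    echo "no CMETHOD line for $want" >&2
    return 1
}

# Demo on the constructed sample; prints socks5h://127.0.0.1:54321
printf '%s\n' "$SAMPLE_PT_OUTPUT" | cmethod_to_curl_proxy meek
```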