Support
Quality
Security
License
Reuse
kandi has reviewed lanproxy and discovered the below as its top functions. This is intended to give you an instant insight into lanproxy implemented functionality, and help decide if they suit your requirements.
lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具,支持tcp流量转发,可支持任何tcp上层协议(访问内网网站、本地支付接口调试、ssh访问、远程桌面...)。目前市面上提供类似服务的有花生壳、TeamView、GoToMyCloud等等,但要使用第三方的公网服务器就必须为第三方付费,并且这些服务都有各种各样的限制,此外,由于数据包会流经第三方,因此对数据安全也是一大隐患。技术交流QQ群 1067424330
使用
server.bind=0.0.0.0
#与代理客户端通信端口
server.port=4900
#ssl相关配置
server.ssl.enable=true
server.ssl.bind=0.0.0.0
server.ssl.port=4993
server.ssl.jksPath=test.jks
server.ssl.keyStorePassword=123456
server.ssl.keyManagerPassword=123456
#这个配置可以忽略
server.ssl.needsClientAuth=false
#WEB在线配置管理相关信息
config.server.bind=0.0.0.0
config.server.port=8090
config.admin.username=admin
config.admin.password=admin
QUESTION
Does a web request with proxy always require a new connection?
Asked 2022-Mar-13 at 22:40This is a question around how a proxy should behave with HTTPS requests. If there are 2 users behind a proxy and both go to https://example.com one after another, can the proxy reuse the existing TCP connection created with example.com earlier for user1.
Both TCP and HTTPS are different protocols, so it doesn't seem like it should affect anything, and in practice it doesn't as well.
Is there something in existing TLS implementations that might not like this kind of behavior of having two different sessions over the same connection? Would this be a bad idea from a security perspective to have the same TCP connection for different users?
ANSWER
Answered 2021-Aug-11 at 01:56You mean if two HTTP clients make requests to a reverse HTTP proxy, could the proxy reuse TCP connections to the HTTP server?
Yes, absolutely. This is called connection pooling and it is common in practice. The proxy opens a pool of persistent connections with each backend endpoint. Then, the proxy queues requests and each request gets sent on an available TCP connection.
From a TLS perspective, if the proxy is an HTTP proxy (L7), clients perform TLS handshakes with the proxy, not the backend web servers and, hence, there's no problem. However, if the proxy operates at L4, TLS termination must occur downstream (TLS pass-through), which poses complication.
My current understanding is that L4 proxies maintain 1:1 connections with backends. Meaning, each incoming connection has a corresponding outgoing connection to a backend, which removes our ability to reuse connections and leverage connection pooling.
For example, NGINX does this:
NGINX maintains a “cache” of keepalive connections – a set of idle keepalive connections to the upstream servers – and when it needs to forward a request to an upstream, it uses an already established keepalive connection from the cache rather than creating a new TCP connection.
Load Balancing with NGINX and NGINX Plus, Part 2
Helpful resources
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
No vulnerabilities reported
Save this library and start creating your kit
Explore Related Topics
Save this library and start creating your kit