getlantern / flashlight-build

Repeatable builds for Lantern, using docker.

Route HTTP traffic to trusted proxies only #185

Closed xiam closed 9 years ago

xiam commented 9 years ago

This PR adds support for routing plaintext HTTP traffic only to proxies deployed by Lantern; at this moment it may not make any difference.

HTTPS can travel safely along trusted and untrusted proxies without compromising users' data, as the protocol itself provides point-to-point encryption (well, point to Trusted Third Parties and eventually to point, but that's outside our scope).

A new property, trusted, was added to our configuration settings; this feature depends on whether this flag is set to true or not. If no servers marked as trusted are found, Lantern will try to use any server (getting unsafe access is better than having no access at all).

Routing an HTTP URL would produce a log like:

curl -x 127.0.0.1:8787 http://www.google.com/humans.txt

Apr 21 19:56:19.621 - balancer: balancer.go:100 Dialing tcp://www.google.com:80 with (trusted) fronted proxy at nl.fallbacks.getiantem.org:443 using masquerade set cloudflare

While routing an HTTPS URL would look like:

curl -x 127.0.0.1:8787 https://www.google.com/humans.txt

Apr 21 19:57:05.401 - balancer: balancer.go:100 Dialing tcp://s3.amazonaws.com:443 with chained proxy at 178.62.243.211:443

You'll probably need to edit lantern.yaml manually to set the trusted field on fronted and chained proxies.

I also added many comments to the code that would make it easier to understand what each part is trying to do, and fixed a few minor bugs.

See our discussion at: https://github.com/getlantern/lantern/issues/2290
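
Added example, not part of the PR or of Lantern's code: a sketch of the selection rule described above, where plaintext targets are restricted to proxies marked trusted and fall back to any proxy when none is trusted. The `Proxy` type, the function names, the port-443 test for "encrypted" and the `degraded` flag are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
)

// Proxy is a hypothetical stand-in for one fronted or chained proxy entry;
// Trusted mirrors the `trusted` configuration property described above.
type Proxy struct {
	Addr    string
	Trusted bool
}

// needsTrusted reports whether traffic to addr must go through a trusted proxy.
// Assumption: only port 443 is treated as end-to-end encrypted.
func needsTrusted(addr string) bool {
	_, port, err := net.SplitHostPort(addr)
	return err != nil || port != "443" // unparseable target: take the safer path
}

// candidates returns the proxies allowed for addr, and degraded=true when
// plaintext traffic had to fall back to untrusted proxies.
func candidates(all []Proxy, addr string) (out []Proxy, degraded bool) {
	if !needsTrusted(addr) {
		return all, false
	}
	for _, p := range all {
		if p.Trusted {
			out = append(out, p)
		}
	}
	if len(out) == 0 && len(all) > 0 {
		return all, true // no trusted proxy: unsafe access beats none
	}
	return out, false
}

func main() {
	// Constructed sample set using the two proxy addresses from the logs above.
	proxies := []Proxy{
		{Addr: "nl.fallbacks.getiantem.org:443", Trusted: true},
		{Addr: "178.62.243.211:443", Trusted: false},
	}
	for _, target := range []string{"www.google.com:80", "s3.amazonaws.com:443"} {
		c, degraded := candidates(proxies, target)
		fmt.Printf("%s -> %d candidate(s), degraded=%v\n", target, len(c), degraded)
	}
}
```

Surfacing the `degraded` result in logs or metrics makes the fallback case visible, since that is the only path on which plaintext HTTP reaches an untrusted proxy.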