-
Notifications
You must be signed in to change notification settings - Fork 18
Controlling TinyProxy
We use TinyProxy to provide a proxy for HTTP access from inside your container on PEERING routers. If your experiment does not run containers on PEERING routers, then you have no need to use TinyProxy.
Run ./peering proxy to get a description of command-line parameters available to interact with TinyProxy. The proxy for a given router's container needs to start after the OpenVPN tunnel is established, or TinyProxy will be unable to bind to the right IP address.
This script reads your container's allocated prefix ID from a file named container.txt. This information is necessary to compute prefixes and install routes, you can find your container's ID on the PEERING website dashboard. Generate the file with echo ID > container.txt.
Bringing up a proxy prints relevant information to access and interact with that router's container.
TinyProxy addresses for isi01 (tap2, 2)
local address: 100.66.128.6:8802
subnet: 100.125.16.8/30
pidfile: /home/cunha/git/peering/client/var/tinyproxy.isi01.pid
logfile: /home/cunha/git/peering/client/var/tinyproxy.isi01.log
updating (add) 100.125.16.8/30 via 100.66.128.1 dev tap2
updating (add) 2804:269c:ff03:2:2::/80 via 2804:269c:ff00:2:1::1 dev tap2
You can SSH into your container by using the second host in the /30
subnet. In other words, SSH to the third address in the /30. You should log in as root using your private key:
ssh -i ~/.ssh/peering_id_rsa root@100.125.16.10
You can use the proxy on the container by setting the http_proxy
environment variable to match TinyProxy's local address (above).
export http_proxy=http://100.66.128.6:8802/
apt update
apt install lighttpd
Containers have limited RAM and disk space. The amount of RAM available on containers is insufficient to run a PEERING client on IXP sites (e.g., amsterdam01 and seattle01). We recommend users run the PEERING client remotely (e.g., on the cloud or at a server in their institution), and route traffic into the container by rewriting the BGP next-hop field (see the -M parameter to ./peering prefix).