What is a proxy server
A proxy server is a gateway between you and the Internet: an intermediary server that separates users from the sites they visit.
If you use a proxy server, your traffic flows through the proxy server to the address you requested. The response then comes back through the same proxy server, which forwards the data it receives from the site to you.
Of course, if that were all a proxy did, there would be no need for one; visiting the website directly would be simpler.
Proxy servers now do much more than forward Web requests; they are about data security and network performance. Proxy servers act as firewalls and Web filters, provide shared network connections, and cache data to speed up common requests. They also protect users and internal networks from the adverse effects of the external Internet.
How does Java use proxy servers
Java has two ways to set up a proxy server
How to set up
- Using the command line option
java -Dhttp.proxyHost=webcache.example.com \
     -Dhttp.proxyPort=8080 \
     -Dhttp.nonProxyHosts="localhost|host.example.com" \
     -jar test.jar
All HTTP connections will go through the proxy server at webcache.example.com, which listens on port 8080 (the default is 80 if no port is specified); connections to localhost or host.example.com will not use the proxy.
- Using the System.setProperty(String, String) method
// Set the proxy
System.setProperty("http.proxyHost", "webcache.example.com");
System.setProperty("http.proxyPort", "8080");
// The next connection will use the proxy
URL url = new URL("http://java.example.org/");
InputStream in = url.openStream();
// Clear the proxy
System.clearProperty("http.proxyHost");
// From now on, HTTP connections will be completed directly without proxy
Parameter description
- http.proxyHost: the host name of the proxy server
- http.proxyPort: the port number. The default is 80
- https.proxyHost: the host name of the HTTPS proxy server
- https.proxyPort: the port number. The default value is 443
- http.nonProxyHosts: a list of hosts that bypass the proxy, with the patterns separated by |. A pattern can begin or end with the wildcard *, and any host that matches one of these patterns is reached through a direct connection rather than through the proxy. This setting applies to both HTTP and HTTPS
For other settings, such as FTP and socket proxies, refer to the official documentation: https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
Using a proxy server
As I said before, in the normal case of just forwarding requests we don't need a proxy server, but I happen to have an unusual case. Our service is deployed in Kubernetes, but some requests need to access internal services on the Intranet, and some requests need to download files from the Internet. In addition, the internal IP address and public IP address cannot be set at the same time. If the internal IP address is set at the same time, other services will consider that the external network is accessing them.
Therefore, the solution is to deploy our service on the worker with Intranet access, and to deploy the proxy server on the worker with a public IP. When a request needs to reach the Internet, it can go through the proxy server. For the proxy server, we chose squid, an old product.
squid
First deploy squid’s service
apiVersion: apps/v1
kind: Deployment
metadata:
  name: squid
spec:
  replicas: 1
  selector:
    matchLabels:
      run: squid
  template:
    metadata:
      labels:
        run: squid
    spec:
      nodeSelector:
        node.vks/internet-access: "true"
      volumes:
        - name: proxy-config
          configMap:
            name: proxy-configmap
      containers:
        - name: squid
          image: sameersbn/squid:3.5.27-2
          imagePullPolicy: IfNotPresent
          # Mount the squid configuration file to /etc/squid
          volumeMounts:
            - name: proxy-config
              mountPath: /etc/squid
              readOnly: true
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: proxy-service
spec:
  ports:
    - port: 80
  selector:
    run: squid
The proxy.conf configuration is actually the default, so you can use either the default or the one I’ve optimized
http_port 80
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access allow localnet
http_access deny manager
http_access allow all
# disable caching
cache deny all
cache_mem 8 MB
cache_dir null /tmp
# disable unnecessary logs
cache_log /dev/null
# To make it anonymous
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
Note that with node.vks/internet-access: "true", squid is deployed on the worker with public network access.
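Squid checks http_access lines from top to bottom and the first matching line decides, so the final "http_access allow all" above admits any client that can reach proxy-service, and the Safe_ports ACL is defined but never referenced. The Python below is an added example, not code from the original post or from squid: it evaluates the page's rules and a constructed stricter variant (STRICT, an assumption) for a given source address, method and port, and supports only src, port and method ACLs.

```python
import ipaddress
# ACLs and http_access lines from the page's config (manager rules and most Safe_ports omitted).
ACLS = """
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
"""
PAGE = ACLS + """http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow all
"""
# Constructed stricter ending (an assumption, not the author's config).
STRICT = ACLS + """http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for tok in (l.split("#")[0].split() for l in conf.splitlines()):
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, src, method, port):
    kind, vals = acls.get(name, ("all", []))  # "all" is built in; unknown names never match
    if kind == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in vals)
    if kind == "port":
        return any(int(v.split("-")[0]) <= port <= int(v.split("-")[-1]) for v in vals)
    return name == "all" or (kind == "method" and method in vals)

def decide(conf, src, method, port):
    acls, rules = parse(conf)
    for action, names in rules:
        # All ACLs on a line must match ("!" negates); the first matching line wins.
        if all(matches(acls, n.lstrip("!"), src, method, port) != n.startswith("!") for n in names):
            return action
    # No line matched: squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

For the constructed outside address 203.0.113.7, decide(PAGE, "203.0.113.7", "GET", 80) returns "allow", while the same call with STRICT returns "deny".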
Set Java runtime parameters
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloworld
spec:
  replicas: 1
  selector:
    matchLabels:
      run: helloworld
  template:
    metadata:
      labels:
        run: helloworld
    spec:
      nodeSelector:
        node.vks/intranet: "true"
      containers:
        - name: helloworld
          image: docker-registry.xxx.com/hello_proxy
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
          command: ["java"]
          args: ["-Dhttp.proxyHost=proxy-service", "-Dhttp.proxyPort=80", "-Dhttps.proxyHost=proxy-service", "-Dhttps.proxyPort=80", "-jar", "target/app.jar"]
Here we deploy our service to the Intranet via node.vks/intranet-ip: "true". The code for hello_proxy is pretty simple
@PostConstruct
private void init() {
    try {
        // Print the proxy settings the JVM was started with
        System.out.println("http.ProxyHost=" + System.getProperty("http.proxyHost"));
        System.out.println("http.ProxyPort=" + System.getProperty("http.proxyPort"));
        System.out.println("https.ProxyHost=" + System.getProperty("https.proxyHost"));
        System.out.println("https.ProxyPort=" + System.getProperty("https.proxyPort"));
        hostname = InetAddress.getLocalHost().getHostName();
    } catch (UnknownHostException e) {
        hostname = "unknown host";
    }
}
Of course, to verify this you can write a controller that downloads files from the external network or requests an internal service.