Access my workplace intranet with a wrapper/mirror website resides on my vps.

[hongy...@gmail.com]

I've a vps with the my.domain.xyz FQDN. At the meanwhile, a socks5 proxy server runs on VPS and listens on port 1080 which can access the website on my office subnet, say, by starting chrome with the following command:

$ google-chrome --proxy-server="socks5://my.domain.xyz:1080"

Then I can access my workplace intranet, say, the following one:

http://10.10.10.10:2021

This way works but some cumbersome settings are required. I want to access my workplace intranet with a wrapper/mirror website resides on my vps, say, http://my.domain.xyz:21080, which can access the intranet website via the socks5 proxy server mentioned above. I mean, when I open the URL http://my.domain.xyz:21080 from anywhere outside of the workplace intranet, it will automatically redirected to http://10.10.10.10:2021 via the socks5 proxy server "socks5://my.domain.xyz:1080".

Is there a feasible way to achieve this aim with the help of unix tools/javascript/python?

Regards,
HZ

[Grant Taylor]

On 11/4/21 12:13 AM, hongy...@gmail.com wrote:
> Is there a feasible way to achieve this aim with the help of unix
> tools/javascript/python?

Yes, there are ways to do this.

I would suggest spend some time thinking about the security implications
of making a website that's inherently not available to the Internet be
available to the Internet via what you're talking about doing.

socat immediately comes to mind.



--
Grant. . . .
unix || die

[hongy...@gmail.com]

Thank you for your hit the nail on the head hints. Googling with the following keywords gives me much wonderful examples:

socat http server

Say, the following ones:

https://unix.stackexchange.com/questions/448837/create-https-server-with-socat
https://ixday.github.io/post/simple_https/
https://stackoverflow.com/questions/29739901/socat-fake-http-server-use-a-file-as-server-response
https://gist.github.com/baleyko/003a089deb4f532552ef674e9ff4cea9

HZ

[Grant Taylor]

On 11/4/21 11:21 PM, hongy...@gmail.com wrote:
> Thank you ...

You're welcome.

#hazFun #beSafe #playNiceWithOthers

[hongy...@gmail.com]

On Friday, November 5, 2021 at 1:51:54 PM UTC+8, Grant Taylor wrote:
> On 11/4/21 11:21 PM, hongy...@gmail.com wrote:
> > Thank you ...
>
> You're welcome.

The official socat release does not support socks5 proxy, so I compiled the version here [1] with the following commands:

$ sudo apt build-dep socat
$ sudo apt install yodl
$ autoreconf -vfi
$ ./configure
$ make -j44
$ sudo make install

Then I test the problem discussed here with the following command from my VPS:

$ socat -v -d -d TCP4-LISTEN:8888,fork,reuseaddr socks5:127.0.0.1:10.8.10.220:2021,socksport=6001

Additional note above the above command:

127.0.0.1:6001 is the socks5 proxy server running on vps which can access the intranet website: 10.8.10.220:2021

Then I try to open http://127.0.0.1:8888 using Firefox running on the vps, but I meet the following error reproted by socat:

$ socat -v -d -d TCP4-LISTEN:8888,fork,reuseaddr socks5:127.0.0.1:10.8.10.220:2021,socksport=6001
2021/11/05 15:00:30 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:38 socat[1303141] N accepting connection from AF=2 127.0.0.1:60354 on AF=2 127.0.0.1:8888
2021/11/05 15:00:38 socat[1303141] N forked off child process 1313292
2021/11/05 15:00:38 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:38 socat[1313292] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:38 socat[1313292] N exit(1)
2021/11/05 15:00:38 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:38 socat[1303141] N accepting connection from AF=2 127.0.0.1:60372 on AF=2 127.0.0.1:8888
2021/11/05 15:00:38 socat[1303141] N forked off child process 1313455
2021/11/05 15:00:38 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:38 socat[1313455] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:38 socat[1313455] N exit(1)
2021/11/05 15:00:38 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60486 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314891
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314891] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314891] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60488 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314906
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314906] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314906] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60490 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314907
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314907] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314907] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60492 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314910
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314910] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314910] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60494 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314913
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314913] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314913] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60496 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314914
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314914] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314914] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60498 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314918
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314918] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314918] N exit(1)
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60500 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314919
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314919] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314919] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60502 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314922
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314922] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314922] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60504 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314923
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314923] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314923] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17
2021/11/05 15:00:39 socat[1303141] N accepting connection from AF=2 127.0.0.1:60506 on AF=2 127.0.0.1:8888
2021/11/05 15:00:39 socat[1303141] N forked off child process 1314926
2021/11/05 15:00:39 socat[1303141] N listening on AF=2 0.0.0.0:8888
2021/11/05 15:00:39 socat[1314926] E parseopts(): option "socksport" not supported with this address type
2021/11/05 15:00:39 socat[1314926] N exit(1)
2021/11/05 15:00:39 socat[1303141] N childdied(): handling signal 17

[1] https://github.com/runsisi/socat

HZ

[hongy...@gmail.com]

On Friday, November 5, 2021 at 3:19:06 PM UTC+8, hongy...@gmail.com wrote:
> On Friday, November 5, 2021 at 1:51:54 PM UTC+8, Grant Taylor wrote:
> > On 11/4/21 11:21 PM, hongy...@gmail.com wrote:
> > > Thank you ...
> >
> > You're welcome.
> The official socat release does not support socks5 proxy, so I compiled the version here [1] with the following commands:
>
> $ sudo apt build-dep socat
> $ sudo apt install yodl
> $ autoreconf -vfi
> $ ./configure
> $ make -j44
> $ sudo make install
>
> Then I test the problem discussed here with the following command from my VPS:
>
> $ socat -v -d -d TCP4-LISTEN:8888,fork,reuseaddr socks5:127.0.0.1:10.8.10.220:2021,socksport=6001
>
> Additional note above the above command:
>
> 127.0.0.1:6001 is the socks5 proxy server running on vps which can access the intranet website: 10.8.10.220:2021
>
> Then I try to open http://127.0.0.1:8888 using Firefox running on the vps, but I meet the following error reproted by socat:
>
> $ socat -v -d -d TCP4-LISTEN:8888,fork,reuseaddr socks5:127.0.0.1:10.8.10.220:2021,socksport=6001

But the following testing with a HTTP proxy running on port 6002 works as expected:

$ socat -v -d -d TCP4-LISTEN:2021,fork,reuseaddr PROXY:127.0.0.1:10.8.10.220:2021,proxyport=6002

Another notes: It seems the TCP4-LISTEN must be used as follows in this question:

TCP4-LISTEN:2021

I mean, socat must listen on the same port locally as the remote intranet website.

[hongy...@gmail.com]

On Friday, November 5, 2021 at 4:19:14 PM UTC+8, hongy...@gmail.com wrote:
> On Friday, November 5, 2021 at 3:19:06 PM UTC+8, hongy...@gmail.com wrote:
> > On Friday, November 5, 2021 at 1:51:54 PM UTC+8, Grant Taylor wrote:
> > > On 11/4/21 11:21 PM, hongy...@gmail.com wrote:
> > > > Thank you ...
> > >
> > > You're welcome.
> > The official socat release does not support socks5 proxy, so I compiled the version here [1] with the following commands:
> >
> > $ sudo apt build-dep socat
> > $ sudo apt install yodl
> > $ autoreconf -vfi
> > $ ./configure
> > $ make -j44
> > $ sudo make install
> >
> > Then I test the problem discussed here with the following command from my VPS:
> >
> > $ socat -v -d -d TCP4-LISTEN:8888,fork,reuseaddr socks5:127.0.0.1:10.8.10.220:2021,socksport=6001
> >
> > Additional note above the above command:
> >
> > 127.0.0.1:6001 is the socks5 proxy server running on vps which can access the intranet website: 10.8.10.220:2021
> >
> > Then I try to open http://127.0.0.1:8888 using Firefox running on the vps, but I meet the following error reproted by socat:
> >
> > $ socat -v -d -d TCP4-LISTEN:8888,fork,reuseaddr socks5:127.0.0.1:10.8.10.220:2021,socksport=6001
> But the following testing with a HTTP proxy running on port 6002 works as expected:
>
> $ socat -v -d -d TCP4-LISTEN:2021,fork,reuseaddr PROXY:127.0.0.1:10.8.10.220:2021,proxyport=6002

And the following testing with the socks5 proxy running on port 6001 works as expected:

$ socat -v -d -d TCP4-LISTEN:2021,fork,reuseaddr socks5:127.0.0.1:10.8.10.220:2021,socks5port=6001

And the socat version with socks5 support [1] must be used in the above testing.

[1] https://github.com/runsisi/socat

[hongy...@gmail.com]

But I still failed to use SSL/TLS protocol with socat, say, by the follow command:

$ socat -v -d -d tcp-listen:2021,fork,reuseaddr socks5:127.0.0.1:www.google.com:443,socks5port=18888

Then open the following URL in Firefox can't let me access google:

http://localhost:2021/

But use the above socks5 proxy directly in Firefox works.

HZ

[hongy...@gmail.com]

I also tried with the following URL:

https://localhost:2021/

But meet the following error:

404. That’s an error.

The requested URL / was not found on this server. That’s all we know.