Domain fronting on Microsoft Azure
681 views
Skip to first unread message
David Fifield
Sep 22, 2014, 4:21:01 AM9/22/14
to traff...@googlegroups.com
I spent some time getting domain fronting to work on Azure, which is a
cloud platform with a CDN.
https://trac.torproject.org/projects/tor/wiki/doc/meek#MicrosoftAzure
Azure's CDN isn't like other CDNs in that you can't point it at an
arbitrary domain. It can only point to an Azure service. You can do the
same thing you do on App Engine: run a tiny "reflector" app on the
service that simply copies requests to where you would have pointed the
CDN. I got it to work with both a PHP and Python (WSGI) reflector. I
wrote up how to do WSGI at the link above.
https://gitweb.torproject.org/pluggable-transports/meek.git/tree/HEAD:/php
https://gitweb.torproject.org/pluggable-transports/meek.git/tree/HEAD:/wsgi
Azure has different service offerings: Azure Websites (web hosting,
that's that I used), Cloud Services (a little more complicated, with
e.g. databases and periodic worker tasks), and Virtual Machines (what it
sounds like). I found Cloud Services to be a pain to set up and settled
on Azure Websites. I didn't try a Virtual Machine. A VM has the
intriguing possibility of dispensing with the reflector and just running
your proxy (e.g. Tor bridge) directly on Azure itself.
https://azure.microsoft.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
Azure Websites gives you a subdomain of azurewebsites.net. Once you have
it set up, you can set up the CDN to point to it with a subdomain of
vo.msecnd.net. The advantage of adding the CDN layer is you can then
front using other domains that use the CDN. The domain I'm using is
ajax.aspnetcdn.com, but there might be better ones.
David Fifield
cloud platform with a CDN.
https://trac.torproject.org/projects/tor/wiki/doc/meek#MicrosoftAzure
Azure's CDN isn't like other CDNs in that you can't point it at an
arbitrary domain. It can only point to an Azure service. You can do the
same thing you do on App Engine: run a tiny "reflector" app on the
service that simply copies requests to where you would have pointed the
CDN. I got it to work with both a PHP and Python (WSGI) reflector. I
wrote up how to do WSGI at the link above.
https://gitweb.torproject.org/pluggable-transports/meek.git/tree/HEAD:/php
https://gitweb.torproject.org/pluggable-transports/meek.git/tree/HEAD:/wsgi
Azure has different service offerings: Azure Websites (web hosting,
that's that I used), Cloud Services (a little more complicated, with
e.g. databases and periodic worker tasks), and Virtual Machines (what it
sounds like). I found Cloud Services to be a pain to set up and settled
on Azure Websites. I didn't try a Virtual Machine. A VM has the
intriguing possibility of dispensing with the reflector and just running
your proxy (e.g. Tor bridge) directly on Azure itself.
https://azure.microsoft.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
Azure Websites gives you a subdomain of azurewebsites.net. Once you have
it set up, you can set up the CDN to point to it with a subdomain of
vo.msecnd.net. The advantage of adding the CDN layer is you can then
front using other domains that use the CDN. The domain I'm using is
ajax.aspnetcdn.com, but there might be better ones.
David Fifield
Adam Fisk
Sep 22, 2014, 9:58:45 AM9/22/14
to David Fifield, traff...@googlegroups.com
This is great David! Azure is particularly intriguing because it's
apparently much bigger than I realized and supposedly might overtake
Amazon AWS in overall revenue
(http://www.theregister.co.uk/2014/07/28/azure_catching_up_on_aws/).
That hopefully means there are some big (high collateral damage) sites
running on there that we don't know about.
> --
> You received this message because you are subscribed to the Google Groups "Network Traffic Obfuscation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
--
Adam
pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
apparently much bigger than I realized and supposedly might overtake
Amazon AWS in overall revenue
(http://www.theregister.co.uk/2014/07/28/azure_catching_up_on_aws/).
That hopefully means there are some big (high collateral damage) sites
running on there that we don't know about.
> You received this message because you are subscribed to the Google Groups "Network Traffic Obfuscation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to traffic-obf...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
--
Adam
pgp A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
rajkot...@gmail.com
Sep 9, 2015, 6:16:01 PM9/9/15
to Network Traffic Obfuscation
Hi, i tried setting up Azure as you said, i pointed the Azure cdn to custom origin domain that points to ip address where m meek server runs on port 443. But i always get gateway timeout error. Can you suggest a solution for this...
Thank you
Reply all
Reply to author
Forward
0 new messages