directoryproxy 0.1.0
directory-proxy
Proxy for rejecting non-whitelisted IP addresses.
Proxy sets a Hawk signature header that the upstream service can check, rejecting requests that do not have a valid signature.
Installation
pip install directory-proxy
Usage
The proxy can be run as a standalone service or as a WSGI worker running alongside the upstream service.
WSGI worker
The proxy can be run on the same box as the upstream service. Install the proxy there, then run the WSGI worker:
DJANGO_SETTINGS_MODULE=directory_proxy.conf.settings \
gunicorn directory_proxy.conf.wsgi --bind 0.0.0.0:$UPSTREAM_PORT
Standalone service
If you're unable to run the WSGI worker on the same box as the upstream service, the proxy can be run as a standalone service.
Configuration
Set the following environment variables to configure the proxy:
| Environment variable | Details |
| --- | --- |
| IP_RESTRICTOR_ALLOWED_ADMIN_IPS | Allow IP addresses. Comma delimited |
| IP_RESTRICTOR_ALLOWED_ADMIN_IP_RANGES | Allow IP ranges. Comma delimited |
| IP_RESTRICTOR_SKIP_CHECK_ENABLED | Skip IP check. Check cookie instead |
| IP_RESTRICTOR_SKIP_CHECK_SECRET | Shared secret for checking cookie |
| UPSTREAM_DOMAIN | Domain of upstream service |
| UPSTREAM_SIGNATURE_SECRET | Hawk shared secret for upstream request |
| UPSTREAM_SIGNATURE_SENDER_ID | Hawk sender ID for upstream request |
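The upstream service has to check the Hawk signature itself. The following added example, which is not code from directory-proxy, shows an upstream-side check of a Hawk header value against the UPSTREAM_SIGNATURE_SENDER_ID and UPSTREAM_SIGNATURE_SECRET values. The function names, the SHA-256 algorithm, the 60-second skew limit and the in-memory nonce set are assumptions; the page does not say which request header carries the signature or whether a payload hash is set, so the header value is passed in and payload validation is not shown.

```python
import base64
import hashlib
import hmac
import re
import time

MAX_SKEW_SECONDS = 60  # assumed tolerance; the page does not give one


def hawk_mac(secret, ts, nonce, method, resource, host, port, payload_hash="", ext=""):
    """HMAC-SHA256 over the Hawk 1 "header" normalized request string."""
    normalized = "\n".join([
        "hawk.1.header", str(ts), nonce, method.upper(), resource,
        host.lower(), str(port), payload_hash, ext,
    ]) + "\n"
    digest = hmac.new(secret.encode(), normalized.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def sign(sender_id, secret, ts, nonce, method, resource, host, port):
    """Sender side, included only so the check below has input to run on."""
    mac = hawk_mac(secret, ts, nonce, method, resource, host, port)
    return f'Hawk id="{sender_id}", ts="{ts}", nonce="{nonce}", mac="{mac}"'


def verify(header, sender_id, secret, method, resource, host, port, seen, now=None):
    """True only for a fresh, not-yet-seen header signed with the shared secret."""
    if not header.startswith("Hawk "):
        return False
    attrs = dict(re.findall(r'(\w+)="([^"\\]*)"', header[5:]))
    if not {"id", "ts", "nonce", "mac"} <= attrs.keys():
        return False
    if attrs["id"] != sender_id or not re.fullmatch(r"[0-9]{1,12}", attrs["ts"]):
        return False
    now = time.time() if now is None else now
    if abs(now - int(attrs["ts"])) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated: limits the replay window
    expected = hawk_mac(secret, attrs["ts"], attrs["nonce"], method, resource,
                        host, port, attrs.get("hash", ""), attrs.get("ext", ""))
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    if not hmac.compare_digest(expected.encode(), attrs["mac"].encode()):
        return False
    if (attrs["ts"], attrs["nonce"]) in seen:
        return False  # same ts/nonce already accepted: replay
    seen.add((attrs["ts"], attrs["nonce"]))  # recorded only after the MAC passed
    return True
```

With more than one upstream worker process, the `seen` set would need to live in a shared store with entries expiring after the skew window.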
Local installation
$ git clone https://github.com/uktrade/directory-proxy
$ cd directory-proxy
Debugging
Setup debug environment
$ make debug
Run debug webserver
$ make debug_webserver
Run debug tests
$ make debug_test