Description:

directoryproxy 0.1.0

directory-proxy



Proxy for rejecting non-whitelisted IP addresses.

Proxy sets a Hawk signature header that the upstream service can check, rejecting requests that do not have a valid signature.
Installation
pip install directory-proxy
Usage
Proxy can be ran as a standalone service or as a WSGI worker running alongside the upstream service.
WSGI worker
The proxy can be run on the same box as the upstream service. Install proxy on the same box as the upstream service then run the WSGI worker:
DJANGO_SETTINGS_MODULE=directory_proxy.conf.settings \
gunicorn directory_proxy.conf.wsgi --bind 0.0.0.0:$UPSTREAM_PORT

Standalone service
If you're unable to run the WSGI worker on the same box as the upstream service then the proxy can be ran as a standlone service.
Configuration
Set the following environment variables to configure the proxy:



Environment variable
Details




IP_RESTRICTOR_ALLOWED_ADMIN_IPS
Allow IP addresses. Command delimited


IP_RESTRICTOR_ALLOWED_ADMIN_IP_RANGES
Allow IP ranges. Command delimited


IP_RESTRICTOR_SKIP_CHECK_ENABLED
Skip IP check. Check cookie instead


IP_RESTRICTOR_SKIP_CHECK_SECRET
Shared secret for checking cookie


UPSTREAM_DOMAIN
Domain of upstream service


UPSTREAM_SIGNATURE_SECRET
Hawk shared secret for upstream request


UPSTREAM_SIGNATURE_SENDER_ID
Hawk sender ID for upstream request



Local installation
$ git clone https://github.com/uktrade/directory-proxy
$ cd directory-proxy

Debugging
Setup debug environment
$ make debug

Run debug webserver
$ make debug_webserver

Run debug tests
$ make debug_test

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.

Share

• Share on Facebook
• Share on Twitter