Skip to content

Instantly share code, notes, and snippets.

@dusenberrymw
Last active February 7, 2024 23:50
Show Gist options
  • Save dusenberrymw/850151bda3253453e5244d6a33c7cd2d to your computer and use it in GitHub Desktop.
Save dusenberrymw/850151bda3253453e5244d6a33c7cd2d to your computer and use it in GitHub Desktop.
Proxy PAC file template for selective SSH SOCKS proxies, plus a [re]installation script.
// Proxy PAC File
// - Used to redirect certain addresses to the server through the SOCKS ssh port (1280 for this file), i.e.
// tunnel traffic through server.
// - Useful for easily accessing webpages from services running on a server (Jupyter notebooks, TensorBoard, Spark UI, etc.)
// that is otherwise locked down by a firewall.
// - To install on OS X/MacOS, go to "Settings->Network->Advanced->Proxies->Automatic Proxy Configuration"
// and paste the local file url (`file:///absolute/path/to/proxy.pac`).
// - Alternatively, use `./reinstall_proxy.sh`.
// - SSH to the server with `ssh -D 1280 ....`.
function FindProxyForURL(url, host) {
// Setup a SOCKS proxy on port 1280.
proxy = "SOCKS5 127.0.0.1:1280; SOCKS 127.0.0.1:1280"
// Log to `chrome://net-internals/#events` for debugging.
alert("url: " + url + ", host: " + host)
// Setup proxy filters.
// - Use `host` for IP addresses and domain names.
// - Use `url` for more control over the entire URL (i.e. sub paths).
// - Protip: Use the above debugging log to determine the `url` and `host` for
// a given page.
// - Protip 2: If you add an entry for your server to `/etc/hosts` in the form of
// `IP_address domain_name_url alias`, the `host` can be matched to the `alias`.
if (shExpMatch(host, "111.111.111.*") || // match IP address
shExpMatch(host, "server*")) { // match `server1`, `server23`, etc.
// Log to `chrome://net-internals/#events` for debugging.
alert(host + " passed!")
// Route through server.
return proxy;
}
// Route everything else directly!
return "DIRECT";
}
#!/usr/bin/env bash
set -x # echo on
DIR="$(cd "$(dirname "$0")" && pwd)"
PROXY_FILE_PATH="$DIR/proxy.pac"
sudo networksetup -setautoproxystate Wi-Fi off
sudo networksetup -setautoproxyurl Wi-Fi file://$PROXY_FILE_PATH
sudo networksetup -getautoproxyurl Wi-Fi
@dusenberrymw
Copy link
Author

Note: IntelliJ can't run remote debugging using a system SOCKS proxy. Therefore, for this use case, simply open a direct ssh connection with local port forwarding to the correct remote port, then start the remote debug session pointing at that local port.

For a remote debug session pointing at localhost:5007, assuming a debug port is open on REMOTE_HOST:5007:

ssh -L 5007:localhost:5007 -N REMOTE_HOST

@stefanlasiewski
Copy link

Nice job.

I believe the sudo command is unnecessary on a Mac. I can run networksetup -setautoproxystate Wi-Fi off as a non-root user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment