Skip to content

Instantly share code, notes, and snippets.

@geraldvillorente

geraldvillorente/resolve.md

Last active October 27, 2022 01:40
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save geraldvillorente/664b16e0b375ec495d21ff5d80751968 to your computer and use it in GitHub Desktop.
Save geraldvillorente/664b16e0b375ec495d21ff5d80751968 to your computer and use it in GitHub Desktop.
Download ZIP
curl resolve script
Raw
resolve.md

Application

This script is useful if there is a proxy or a CDN between the client and the Pantheon Global CDN. This script will allow you to bypass the external CDN/proxy and resolve the request directly to Pantheon GCDN.

Default request flow:

Client browser -> Cloudflare/ Proxy -> GCDN -> Pantheon Origin

With this script:

Client browser -> GCDN -> Pantheon Origin

#!/bin/bash

############################################################
# Help                                                     #
############################################################
Help()
{
   # Display Help
   echo "Add description of the script functions here."
   echo
   echo "Syntax: dbgr [-p|h|i|d|o|e]"
   echo "options:"
   echo "p     Port number."
   echo "h     Print this Help."
   echo "i     Internet protocol address or IP."
   echo "d     Public facing domain name."
   echo "o     Origin domain where the public facing domain will get resolved to."
   echo "e     Expose the hidden Pantheon and Fastly headers ."
   echo
}

############################################################
# Main program                                             #
############################################################

# Set variables
Port=8080
IP="127.0.0.1"
Domain="pantheon.io"
Origin="pantheon.io"
Expose=false

############################################################
# Process the input options. Add options as needed.        #
############################################################
# Get the options
while getopts ":hp:i:d:o:e" option; do
   case $option in
      h) # display Help
         Help
         exit;;
      p) # Get the port
         Port=$OPTARG;;
      i) # Resolve to IP
         IP=$OPTARG;;
      d) # Domain name
         Domain=$OPTARG;;
      o) # Origin domain
         Origin=$OPTARG;;
      e) # Expose hidden headers
         Expose=true;;
     \?) # Invalid option
         echo "Error: Invalid option"
         exit;;
   esac
done

if [ "$Expose" = true ] 
then
     curl -H "Pantheon-Debug:1" -H "Fastly-Debug:1" -LIsvo /dev/null --resolve $Origin:$Port:$IP $Domain
else
     curl -LIsvo /dev/null --resolve $Origin:$Port:$IP $Domain
fi

To use

SCRIPT-NAME -p 443 -i 23.185.0.2 -o live-pantheon.pantheonsite.io -d https://pantheon.io

To include hidden headers

SCRIPT-NAME -p 443 -i 23.185.0.2 -o live-pantheon.pantheonsite.io -d https://pantheon.io -e
@geraldvillorente
Copy link
Author

Sample output

dbgr -p 443 -i 23.185.0.2 -o live-pantheon.pantheonsite.io -d https://pantheo
n.io
* Added live-pantheon.pantheonsite.io:443:23.185.0.2 to DNS cache
*   Trying 23.185.0.2:443...
* Connected to pantheon.io (23.185.0.2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [316 bytes data]
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [19 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [4166 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=getpantheon.com
*  start date: Sep  6 15:43:45 2022 GMT
*  expire date: Dec  5 15:43:44 2022 GMT
*  subjectAltName: host "pantheon.io" matched cert's "pantheon.io"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x12800d400)
> HEAD / HTTP/2
> Host: pantheon.io
> user-agent: curl/7.79.1
> accept: */*
> 
< HTTP/2 200 
< cache-control: public, max-age=3600
< content-language: en
< content-security-policy: frame-ancestors https://app.experiencewelcome.com/ https://test-panther.pantheonsite.io/;
< content-type: text/html; charset=utf-8
< etag: W/"1666771788-0"
< expires: Sun, 19 Nov 1978 05:00:00 GMT
< last-modified: Wed, 26 Oct 2022 08:09:48 GMT
< link: <https://pantheon.io/>; rel="canonical"
< permissions-policy: interest-cohort=()
< server: nginx
< strict-transport-security: max-age=31622400
< x-content-type-options: nosniff
< x-drupal-cache: MISS
< x-frame-options: SAMEORIGIN
< x-pantheon-styx-hostname: styx-fe2-a-66f54b648b-wnlpv
< x-styx-req-id: 8f6615d5-5505-11ed-9205-7ab6437b4cde
< date: Wed, 26 Oct 2022 08:48:04 GMT
< x-served-by: cache-chi-klot8100042-CHI, cache-qpg1236-QPG
< x-cache: HIT, HIT
< x-cache-hits: 74, 1
< x-timer: S1666774084.011602,VS0,VE2
< vary: Accept-Encoding, Cookie, Cookie, Cookie
< age: 2294
< accept-ranges: bytes
< via: 1.1 varnish, 1.1 varnish
< content-length: 148285
< 
* Connection #0 to host pantheon.io left intact

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment