Skip to content

doc: update forward proxy #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JordiSubira merged 1 commit into from
Apr 10, 2025
Merged

doc: update forward proxy #15

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 25 additions & 1 deletion docs/source/forward-proxy.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,18 @@ Then, you can follow the steps below to install the plugin:
sudo mkdir -p /usr/share/scion/caddy-scion
sudo chown -R $USER:$USER /usr/share/scion

- Apply the necessary permissions to the binary:

.. code-block:: bash

chmod +x scion-caddy

- If you intend to configure the proxy to run on well-known ports, add network capabilities to the binary:

.. code-block:: bash

sudo setcap 'cap_net_bind_service=+ep' scion-caddy

- Optionally you can create a systemd service and enable it. You can use the example service file ``scion-caddy.service`` in the `examples <https://github.com/scionproto-contrib/http-proxy/tree/main/_examples>`__.

- You can use the ``forward.json`` file in `examples <https://github.com/scionproto-contrib/http-proxy/blob/main/_examples/scion-caddy-forward-proxy.json>`__ folder as reference configuration file.
Expand Down Expand Up @@ -80,6 +92,12 @@ Then, you can follow the steps below to install the plugin:

chmod +x scion-caddy

- If you intend to configure the proxy to run on well-known ports, add network capabilities to the binary:

.. code-block:: bash

sudo setcap 'cap_net_bind_service=+ep' scion-caddy

- Add a data directory for the plugin to store its data:

.. code-block:: bash
Expand Down Expand Up @@ -177,7 +195,13 @@ For more information, see the `Caddy TLS configuration <https://caddyserver.com/
Running the SCION HTTP Forward Proxy locally
--------------------------------------------
End users can run the SCION HTTP Forward Proxy locally by following the installation steps above.
To ensure interoperability with their browser navigation, the user is required to add an entry to resolve the configured name for the forward proxy to the local IP address, e.g., by adding the following line to the ``/etc/hosts`` file:
For smooth running experience, grant DAC capabilities to the binary:

.. code-block:: bash

sudo setcap cap_dac_override=+ep scion-caddy

If you do not want to grant those privileges, you can run the binary without them but you will have to manually add the following line to your ``/etc/hosts`` before running the SCION HTTP Forward Proxy:

.. code-block:: bash

Expand Down
Loading