Uses node-http-proxy and, for local workstation installations, dnsmasq or some other DNS server.
The server listens on a configurable port (by default 80) and proxies requests
to hosts under a dummy top level domain, e.g. .http.livelocal is proxied to
the corresponding host without the TLD. E.g. http://google.com.http.livelocal
to http://google.com. Https pages are proxied under .https.livelocal.
For this to work DNS must be configured with a wildcard DNS entry so that
anything under .http.livelocal and .https.livelocal is resolved to the
server running the proxy.
Node v4 and higher is required. On MacOSX this is available from homebrew
(brew update) and on Debian you can use the
nodesource APT repositories.
Run:
npm install
cp config.js.sample config.js # and edit
node server.js
This assumes you have already configured your DNS server(s) accordingly.
The bootstrap.sh script will try to configure dnsmasq for you. If that
won't work for you you can do it manually, or use some other DNS configuration
tool. Here's what to do for dnsmasq:
brew install dnsmasq
Then create the default configuration (as root):
cnf=/usr/local/opt/dnsmasq/dnsmasq.conf
cp ${cnf}.example $cnf
echo "address=/.livelocal/127.0.0.1" >> $cnf
cp -fv /usr/local/opt/dnsmask/*.plist /Library/LaunchDaemons
chown root !$/homebrew.mxcl.dnsmasq.plist
launchctl load !$
Then configure OS X to use this resolver:
mkdir -p /etc/resolver
echo "nameserver 127.0.0.1" > /etc/resolver/livelocal
Now you should be able to resolve anything under the dummy .livelocal TLD.
If users are going to reach the proxy over SSL then the secure option must be added to config.json:
{
'secure': true
}
This makes sure that href's and other link attributes get correctly rewritten
to start with https://...
For certificate validation to work correctly you need the user facing web
server (such as apache or nginx) to respond with a wildcard SSL certificate for
the suffix TLD. Ask your friendly neighborhood CA for help with this. While
testing you can create a dummy wildcard certificate for the suffix TLD by
executing the makecert.sh script from within the data directory found in
this distribution, then import the data/demoCA/cacert.pem certificate in your
browser or OS trusted CA list. If you don't have nginx/apache and want the
proxy itself to listen for HTTPS requests then you need to add the following to
your config.json:
{
'port': 443,
'ssl': true
}
The server expects certificate.pem and key.pem to exist in the data directory.
Many pages will include headers to enforce certain policies which won't play nice with our hostname rewriting. For this reason we need to strip the headers. Currently there is no support in this code, but you can do it easily with nginx standing in front:
location / {
proxy_pass http://127.0.0.1:8999;
proxy_set_header Host $host;
proxy_set_header X-RealIP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 600;
proxy_hide_header "Content-Security-Policy";
proxy_hide_header "X-Frame-Options";
include proxy_params;
}
Alternatively you can use the hidden_headers configuration key to list those headers you want removed, e.g.:
{
"hidden_headers": [
"X-Frame-Options",
"Content-Security-Policy"
]
}
The following keys are available in the configuration:
replace: a list of replacements to be made in the text content of nodes. Each replacement is defined by:select: a CSS selector to match the nodefrom: the string to replaceto: the replacement string
inject: a list of injections to perform on the page's DOM. Each injection is defined by:select: a CSS selector to match the parent node in which to injectposition: an optional word to determine the position of the injected node. If equal toendit will inject at the end, otherwise in the beginning.payload: the actual HTML text to inject.file: the name or path of a file from which to retrieve the HTML payload. Overridespayloadif both are present.
port: the port that the proxy will listen for requests. Defaults to 80.suffix: the suffix which will be added to href values and stripped from requests URLs. Defaults to.livelocal:8000secure: iftruethe proxy will rewrite all href values to use HTTPS. Default isfalse.ssl: iftruethe proxy will setup an HTTPS listener instead of HTTP. Default isfalse. Iftrueyou must have a propercertificate.pemandkey.pemfile in thedatadirectory.listen: The address to bind to, default is127.0.0.1hidden_headers: a list of HTTP header names which will be stripped from responses. Default is none.deactivateExternal: replace the HREF attribute in external links withjavascript: void;.