2016-03-29 03:41:47 +00:00
Compy
=====
2019-05-24 09:23:52 +00:00
Compy is an HTTP/HTTPS forward proxy with content compression/transcoding capabilities.
2016-03-29 03:41:47 +00:00
One use case is to reduce bandwidth usage when browsing on limited mobile broadband connection.
2017-09-30 17:54:22 +00:00
Features
--------
2016-03-29 03:41:47 +00:00
- HTTPS proxy (encrypted connection between client and proxy)
- man in the middle support (compress HTTPS traffic)
2017-01-17 00:35:53 +00:00
- HTTP2 support (over TLS)
2017-01-13 07:17:24 +00:00
- Brotli and gzip compression
2017-01-17 00:35:53 +00:00
- transcode animated GIFs to static images
- transcode JPEG images to desired quality using libjpeg
2017-01-15 03:26:45 +00:00
- transcode PNG and JPEG images to WebP
2017-01-17 00:35:53 +00:00
- HTML/CSS/JavaScript minification
2016-03-29 03:41:47 +00:00
Installation
------------
2017-09-30 17:54:22 +00:00
compy needs a few libraries to compile.
2018-11-10 20:58:50 +00:00
On Fedora, run `dnf install -y libjpeg-devel`
2020-01-29 14:20:12 +00:00
On Ubuntu, run `apt-get install -y libjpeg8-dev openssl ssl-cert` .
2017-09-30 17:54:22 +00:00
On macOS, run `brew install jpeg` . Then compile via:
```ShellSession
$ go get github.com/barnacs/compy
$ cd go/src/github.com/barnacs/compy/
$ go install
2017-01-17 00:35:53 +00:00
```
2017-09-30 17:54:22 +00:00
go will generate the binary at `go/bin/compy` .
2016-03-29 03:41:47 +00:00
### HTTPS
To use the proxy over HTTPS, you will need a certificate for your host. If you don't already have one, you can get one for [free ](https://letsencrypt.org/ ) or you can generate a self-signed cert by running:
2016-03-29 11:21:37 +00:00
```
2019-05-24 09:36:12 +00:00
openssl req -x509 -newkey rsa:4096 -nodes -keyout cert.key -out cert.crt -days 3650 -subj '/CN=< your-domain > '
2017-01-17 00:35:53 +00:00
```
then visit the proxy URL and confirm that you trust your own certificate
To connect to the proxy over TLS, you will need to supply a PAC (proxy auto-config) file to the browser, as most of them do not expose this option to the UI directly. Example:
```javascript
2016-03-29 11:21:37 +00:00
function FindProxyForURL(url, host) {
if (url.substring(0, 5) == 'http:' || url.substring(0, 6) == 'https:') {
return "HTTPS < your-domain > :9999";
}
return "DIRECT";
}
```
2017-01-17 00:35:53 +00:00
This tells the browser to fetch HTTP and HTTPS URLs via the HTTPS proxy and for all other schemas, e.g., WebSocket, connect directly.
2016-03-29 11:21:37 +00:00
Set the path to this file in the browser UI and you're good to go.
2016-03-29 03:41:47 +00:00
### MitM
2019-05-24 09:23:52 +00:00
To enable man-in-the-middle support, you will need to generate a root cert to sign all the certs generated by the proxy on the fly:
2017-01-17 00:35:53 +00:00
```
2019-05-24 09:36:12 +00:00
openssl req -x509 -newkey rsa:4096 -nodes -keyout ca.key -out ca.crt -days 3650 -subj '/CN=< your-domain > '
2017-01-17 00:35:53 +00:00
```
2016-03-29 03:41:47 +00:00
and add it to your client (browser) as a trusted certificate authority
Usage
-----
2019-05-24 09:23:52 +00:00
To run a simple http forward proxy:
2017-01-17 00:35:53 +00:00
```
compy
```
2016-03-29 03:41:47 +00:00
2017-01-17 00:35:53 +00:00
To run it over TLS:
```
compy -cert cert.crt -key cert.key
```
2016-03-29 03:41:47 +00:00
2019-05-24 09:23:52 +00:00
With man in the middle support:
2017-01-17 00:35:53 +00:00
```
compy -ca ca.crt -cakey ca.key
```
2016-03-29 03:41:47 +00:00
2017-01-17 00:35:53 +00:00
Probably the best option is to run it with both TLS and MitM support, combining the two:
```
compy -cert cert.crt -key cert.key -ca ca.crt -cakey ca.key
```
2016-03-29 03:41:47 +00:00
2017-07-06 01:20:26 +00:00
You can limit access to your proxy via HTTP BASIC authentication:
```
compy -cert cert.crt -key cert.key -user myuser -pass mypass
```
2019-05-24 09:23:52 +00:00
You can also specify the listen port (defaults to 9999):
2017-01-17 00:35:53 +00:00
```
compy -host :9999
```
2016-03-29 03:41:47 +00:00
For compression, transcoding and minification options, see `compy --help`
2017-08-26 00:53:06 +00:00
Docker Usage
------------
2022-03-26 13:49:33 +00:00
A docker image is published as [`thecoopcloud/compy` ](https://hub.docker.com/r/thecoopcloud/compy ); you can run it with
2019-05-24 09:24:07 +00:00
```
2022-03-26 13:49:33 +00:00
docker run -p 9999:9999 thecoopcloud/compy
2019-05-24 09:24:07 +00:00
```
2022-03-26 13:49:33 +00:00
To run with https enabled, you need to generate the certificates on your host and provide the path to docker:
2019-05-24 09:24:07 +00:00
```
2022-03-26 13:49:33 +00:00
mkdir ssl
cd ssl
openssl req -x509 -newkey rsa:4096 -nodes -keyout cert.key -out cert.crt -days 3650 -subj '/CN=< your-domain > '
openssl req -x509 -newkey rsa:4096 -nodes -keyout ca.key -out ca.crt -days 3650 -subj '/CN=< your-domain > '
cd ..
docker run -d --name compy -p 9999:9999 -v $PWD/ssl:/ssl compy -cert /ssl/cert.crt -key /ssl/cert.key -ca /ssl/ca.crt -cakey /ssl/ca.key
2019-05-24 09:24:07 +00:00
```
2017-08-26 00:53:06 +00:00
2022-03-26 13:49:33 +00:00
To rebuild the docker image locally just run:
2017-08-26 00:53:06 +00:00
```
2022-03-26 13:49:33 +00:00
docker build -t thecoopcloud/compy .
2017-08-26 00:53:06 +00:00
```
2022-03-26 13:49:33 +00:00
New image versions are automatically built and pushed to Docker Hub using Drone.
2017-01-17 00:35:53 +00:00
References
----------
2020-06-26 07:47:43 +00:00
* [Bandwidth Hero ](https://github.com/ayastreb/bandwidth-hero ) - similar to compy
2017-01-17 00:35:53 +00:00
* [Google Flywheel ](https://www.usenix.org/conference/nsdi15/technical-sessions/presentation/agababov ) - NSDI 2015 paper discussing techniques used by Chrome data saver
* [Mozilla Janus ](https://wiki.mozilla.org/Mobile/Janus ) - now-defunct experiment similar to compy
2019-11-04 19:29:10 +00:00
* [WANProxy ](http://wanproxy.org/ ) - general-purpose TCP compression
2017-01-17 00:35:53 +00:00
* [Ziproxy ](https://en.wikipedia.org/wiki/Ziproxy ) - older approach similar to compy
2016-03-29 03:41:47 +00:00
Credits
-------
2019-05-24 09:23:52 +00:00
https://github.com/pixiv/go-libjpeg
2016-03-29 03:41:47 +00:00
https://github.com/tdewolff/minify
License
-------
ISC, see LICENSE