2016-03-29 03:41:47 +00:00
Compy
=====
Compy is an HTTP/HTTPS forward proxy with content compression/transcoding capabilities.
One use case is to reduce bandwidth usage when browsing on limited mobile broadband connection.
2017-09-30 17:54:22 +00:00
Features
--------
2016-03-29 03:41:47 +00:00
- HTTPS proxy (encrypted connection between client and proxy)
- man in the middle support (compress HTTPS traffic)
2017-01-17 00:35:53 +00:00
- HTTP2 support (over TLS)
2017-01-13 07:17:24 +00:00
- Brotli and gzip compression
2017-01-17 00:35:53 +00:00
- transcode animated GIFs to static images
- transcode JPEG images to desired quality using libjpeg
2017-01-15 03:26:45 +00:00
- transcode PNG and JPEG images to WebP
2017-01-17 00:35:53 +00:00
- HTML/CSS/JavaScript minification
2016-03-29 03:41:47 +00:00
Installation
------------
2017-09-30 17:54:22 +00:00
compy needs a few libraries to compile.
2018-11-10 20:58:50 +00:00
On Fedora, run `dnf install -y libjpeg-devel`
2017-09-30 17:54:22 +00:00
On Ubuntu, run `apt-get install -y libjpeg8 openssl ssl-cert` .
On macOS, run `brew install jpeg` . Then compile via:
```ShellSession
$ go get github.com/barnacs/compy
$ cd go/src/github.com/barnacs/compy/
$ go install
2017-01-17 00:35:53 +00:00
```
2017-09-30 17:54:22 +00:00
go will generate the binary at `go/bin/compy` .
2016-03-29 03:41:47 +00:00
### HTTPS
To use the proxy over HTTPS, you will need a certificate for your host. If you don't already have one, you can get one for [free ](https://letsencrypt.org/ ) or you can generate a self-signed cert by running:
2016-03-29 11:21:37 +00:00
```
2017-01-17 00:35:53 +00:00
openssl req -x509 -newkey rsa:2048 -nodes -keyout cert.key -out cert.crt -days 3650 -subj '/CN=< your-domain > '
```
then visit the proxy URL and confirm that you trust your own certificate
To connect to the proxy over TLS, you will need to supply a PAC (proxy auto-config) file to the browser, as most of them do not expose this option to the UI directly. Example:
```javascript
2016-03-29 11:21:37 +00:00
function FindProxyForURL(url, host) {
if (url.substring(0, 5) == 'http:' || url.substring(0, 6) == 'https:') {
return "HTTPS < your-domain > :9999";
}
return "DIRECT";
}
```
2017-01-17 00:35:53 +00:00
This tells the browser to fetch HTTP and HTTPS URLs via the HTTPS proxy and for all other schemas, e.g., WebSocket, connect directly.
2016-03-29 11:21:37 +00:00
Set the path to this file in the browser UI and you're good to go.
2016-03-29 03:41:47 +00:00
### MitM
To enable man-in-the-middle support, you will need to generate a root cert to sign all the certs generated by the proxy on the fly:
2017-01-17 00:35:53 +00:00
```
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -days 3650 -subj '/CN=< your-domain > '
```
2016-03-29 03:41:47 +00:00
and add it to your client (browser) as a trusted certificate authority
Usage
-----
To run a simple http forward proxy:
2017-01-17 00:35:53 +00:00
```
compy
```
2016-03-29 03:41:47 +00:00
2017-01-17 00:35:53 +00:00
To run it over TLS:
```
compy -cert cert.crt -key cert.key
```
2016-03-29 03:41:47 +00:00
With man in the middle support:
2017-01-17 00:35:53 +00:00
```
compy -ca ca.crt -cakey ca.key
```
2016-03-29 03:41:47 +00:00
2017-01-17 00:35:53 +00:00
Probably the best option is to run it with both TLS and MitM support, combining the two:
```
compy -cert cert.crt -key cert.key -ca ca.crt -cakey ca.key
```
2016-03-29 03:41:47 +00:00
2017-07-06 01:20:26 +00:00
You can limit access to your proxy via HTTP BASIC authentication:
```
compy -cert cert.crt -key cert.key -user myuser -pass mypass
```
2016-03-29 03:41:47 +00:00
You can also specify the listen port (defaults to 9999):
2017-01-17 00:35:53 +00:00
```
compy -host :9999
```
2016-03-29 03:41:47 +00:00
For compression, transcoding and minification options, see `compy --help`
2017-08-26 00:53:06 +00:00
Docker Usage
------------
Andrew Gaul publishes unofficial Docker images at
https://hub.docker.com/r/andrewgaul/compy/ . You can configure via:
```
sudo docker run --name=compy --env CERTIFICATE_DOMAIN=example.com --publish 9999:9999 andrewgaul/compy
```
2017-01-17 00:35:53 +00:00
References
----------
* [Google Flywheel ](https://www.usenix.org/conference/nsdi15/technical-sessions/presentation/agababov ) - NSDI 2015 paper discussing techniques used by Chrome data saver
* [Mozilla Janus ](https://wiki.mozilla.org/Mobile/Janus ) - now-defunct experiment similar to compy
2019-11-04 19:29:10 +00:00
* [WANProxy ](http://wanproxy.org/ ) - general-purpose TCP compression
2017-01-17 00:35:53 +00:00
* [Ziproxy ](https://en.wikipedia.org/wiki/Ziproxy ) - older approach similar to compy
2016-03-29 03:41:47 +00:00
Credits
-------
2016-03-29 11:21:37 +00:00
https://github.com/pixiv/go-libjpeg
2016-03-29 03:41:47 +00:00
https://github.com/tdewolff/minify
License
-------
ISC, see LICENSE