Fork of compy
Go to file
2017-08-20 21:57:07 -07:00
proxy Check HTTP auth before allowing CONNECT 2017-08-20 21:57:07 -07:00
transcoder Allow X-Compy-Quality override header 2017-08-19 11:29:31 -07:00
.gitignore Add .gitignore 2017-01-13 14:14:30 -08:00
compy.go Add optional HTTP BASIC authorization 2017-08-19 11:23:02 -07:00
compy_test.go Allow X-Compy-Quality override header 2017-08-19 11:29:31 -07:00
LICENSE initial commit 2015-03-28 23:07:40 +01:00
README.md Add optional HTTP BASIC authorization 2017-08-19 11:23:02 -07:00

Compy

Compy is an HTTP/HTTPS forward proxy with content compression/transcoding capabilities.
One use case is to reduce bandwidth usage when browsing on limited mobile broadband connection.

Features:

  • HTTPS proxy (encrypted connection between client and proxy)
  • man in the middle support (compress HTTPS traffic)
  • HTTP2 support (over TLS)
  • Brotli and gzip compression
  • transcode animated GIFs to static images
  • transcode JPEG images to desired quality using libjpeg
  • transcode PNG and JPEG images to WebP
  • HTML/CSS/JavaScript minification

Installation

go get github.com/barnacs/compy

HTTPS

To use the proxy over HTTPS, you will need a certificate for your host. If you don't already have one, you can get one for free or you can generate a self-signed cert by running:

openssl req -x509 -newkey rsa:2048 -nodes -keyout cert.key -out cert.crt -days 3650 -subj '/CN=<your-domain>'

then visit the proxy URL and confirm that you trust your own certificate

To connect to the proxy over TLS, you will need to supply a PAC (proxy auto-config) file to the browser, as most of them do not expose this option to the UI directly. Example:

function FindProxyForURL(url, host) {
   if (url.substring(0, 5) == 'http:' || url.substring(0, 6) == 'https:') {
      return "HTTPS <your-domain>:9999";
   }
   return "DIRECT";
}

This tells the browser to fetch HTTP and HTTPS URLs via the HTTPS proxy and for all other schemas, e.g., WebSocket, connect directly. Set the path to this file in the browser UI and you're good to go.

MitM

To enable man-in-the-middle support, you will need to generate a root cert to sign all the certs generated by the proxy on the fly:

openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -days 3650 -subj '/CN=<your-domain>'

and add it to your client (browser) as a trusted certificate authority

Usage

To run a simple http forward proxy:

compy

To run it over TLS:

compy -cert cert.crt -key cert.key

With man in the middle support:

compy -ca ca.crt -cakey ca.key

Probably the best option is to run it with both TLS and MitM support, combining the two:

compy -cert cert.crt -key cert.key -ca ca.crt -cakey ca.key

You can limit access to your proxy via HTTP BASIC authentication:

compy -cert cert.crt -key cert.key -user myuser -pass mypass

You can also specify the listen port (defaults to 9999):

compy -host :9999

For compression, transcoding and minification options, see compy --help

References

  • Google Flywheel - NSDI 2015 paper discussing techniques used by Chrome data saver
  • Mozilla Janus - now-defunct experiment similar to compy
  • Ziproxy - older approach similar to compy

Credits

https://github.com/pixiv/go-libjpeg
https://github.com/tdewolff/minify

License

ISC, see LICENSE