Press "Enter" to skip to content

Access Web Servers on EC2 Private Addresses with Firefox FoxyProxy & Google Chrome SwitchySharp

There are sometimes web ui services on EC2 instances that are only accessible via the AWS private IP addresses. The one I run into most are the WebUI of HBase and Hadoop. There are probably many others.

Running a Socks Proxy Tunnel to an EC2 server

On your local system you will need to run an ssh socks tunnel. On most Unix like systems (including the Mac of course) you can run on a terminal / shell windoow:

nohup ssh -CqTnN -D 6666 <FQDN of EC2 Host you have ssh access and has the http service you want>

For instance:

nohup ssh -CqTnN -D 6666 ec2-50-96-29-44.compute-1.amazonaws.com

You will need to have that running whenever you want to proxy to an EC2 http destination.

You could run it in the background by appending the ampersand ‘&’ at the end if you want, but its easier to keep track of it to just have a window dedicated to it.

Firefox and Foxy Proxy

One relatively easy way to get around this to use the FoxyProxy plugin for Firefox  or via the Firefox addons

To configure it once you installed it, just go to Tools->FoxyProxy->More->Options and you will see something like this, but there won’t be an entry for localhost, just Default:

Click on Add New Proxy to get:

Click Enabled and enter a name. Then click on the Proxy Details Tab

Check the Automatic proxy configuration URL and fill it in with http://apache-hadoop-ec2.s3.amazonaws.com/proxy.pac

And then click on the OK button

If you get the following message, just click OK

When you get back to the main FoxyProxy window, set the Select Mode: Pull down menu to Use proxy “EC2” for all URLs

The Pac file you loaded has the has the rules to follow, so it will actually only use the EC2 proxy when request URLs have the EC2 wildcards. The rules in the proxy.pac are:

function FindProxyForURL(url, host) {
  if ((shExpMatch(host, "*ec2*.amazonaws.com*")) ||
    (shExpMatch(host, "*ec2.internal*")) ||
    (shExpMatch(host, "*domu*.internal*"))) {
    return "SOCKS localhost:6666";
  }
  return "DIRECT";
}

Firefox is now configured so that if you access any url that matches the globs defined in the proxy.pac, it will use your ssh tunnel, otherwise normal direct connection to all other sites.

Google Chrome and Switchy*

It turns out that there are several Google Chrome Extensions that are variations on the same code base that started with one called Proxy Switchy! The big problem with the original is that it was written before there was an official chrome.proxy api. It uses native plugins. Besides the fact that there seems to be a lot of problems with the latest version of Chrome and such, its a huge security hole.

Another Chinese guy (ayanamist twitter: @gh05tw01f) took that and wrote SwitchyPlus. This uses the chrome.proxy api and works really well. Unfortunately the author claims that he’s not supporting it anymore . ayanamist told me that its now being supported by @shyc2001 as SwitchySharp. It doesn’t seem to be on the Chrome Web Shop yet. You can download the crx installer though.

They all have pretty much the same configurations. The following screenshots are from SwitchySharp

After you have installed the extension from the Google Web Shop, Access the Options panel for SwitchyPlus via its Icon ->Options

It seems that you can’t use the same proxy.pac automatic config file, so the following manual config should be done:

Then Click on the Switch Rules tab and fill in the following:

And click the Save button.

The last thing is to set it to Auto Switch Mode by clicking on the Icon and selecting Auto Switch Mode:

You are now good to go!

2 Comments

  1. Shyc2001 Shyc2001 August 15, 2011

    “It seems that you can’t use the same proxy.pac automatic config file …”

    ->Is the option “Automatic Configuration” working?

    If it isn’t, I will try to fix it. Please open an issue to let me know.

    http://code.google.com/p/switchysharp/

Comments are closed.