EXIGN Egress Proxy

An egress proxy that is capable to add signature header to all received request and forward the request to the actual server.

Usage

Steps:

Start exign container using docker with the following command:

docker run \
  --rm \
  --name exign \
  --pull 'always' \
  --dns '8.8.8.8' \
  --dns '8.8.1.1' \
  --publish '53:53/udp' \
  --publish '80:80' \
  --publish '443:443' \
  --publish '1080:1080' \
  --publish '127.0.0.1:3000:3000' \
  --volume "$(pwd)/config:/src/config" \
  --volume "$(pwd)/logs:/src/logs" \
  ghcr.io/telkomindonesia/exign

In case you can't allocate port 80, 443, or 53 (UDP), then you can start exign without those ports. But in step 3, you can only use SOCKS5 Proxy if you need request redirection. Meanwhile port 1080 and 3000 (left side of --publish arguments) can be changed as necessary.

docker run \
    --rm \
    --name exign \
    --pull 'always' \
    --publish '1080:1080' \
    --publish '127.0.0.1:3000:3000' \
    --volume "$(pwd)/config:/src/config" \
    --volume "$(pwd)/logs:/src/logs" \
    ghcr.io/telkomindonesia/exign

If the remote server you are trying to connect to need to verify the signature, then distribute the generated public key to the administrator of the remote server. Meanwhile, keep the private key safe and private.
Setup redirection to exign by doing one of the following:
- Use SOCKS5 proxy at 127.0.0.1:1080 for all of your HTTP and DNS requests.
- Change your DNS resolver to 127.0.0.1.
- Add custom host-IP mapping to your hosts file manually.
If your tools need to verify TLS certificate, then trust the generated CA Certificate. For reference, checkout Portswigger documentation on how to trust a particular CA Certificate.

Container Signature

The container image is signed using cosign. You should verify that you are using the legitimate container as follow:

docker run \
     --rm \
     --env KEY=$'-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE3il8roBEOKz2Ogu5adrXSvoCbrL\nq3kbKfGJXVmTTinmNd3VJ/VbOS+kGoB/F++AtQRY7GcCrSIfWWsPf6YyVg==\n-----END PUBLIC KEY-----' \
     gcr.io/projectsigstore/cosign:v1.13.1 \
          verify --key env://KEY \
          ghcr.io/telkomindonesia/exign

Name		Name	Last commit message	Last commit date
Latest commit History 257 Commits
.github/workflows		.github/workflows
dist		dist
src		src
types		types
.dockerignore		.dockerignore
.eslintrc.js		.eslintrc.js
.gitattributes		.gitattributes
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
cosign.pub		cosign.pub
docker-compose.yml		docker-compose.yml
docker-entrypoint.sh		docker-entrypoint.sh
jest.config.js		jest.config.js
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

EXIGN Egress Proxy

Usage

Container Signature

About

Releases

Packages

Languages

TelkomIndonesia/exign

Folders and files

Latest commit

History

Repository files navigation

EXIGN Egress Proxy

Usage

Container Signature

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages