Opened 13 months ago

Closed 4 months ago

Last modified 4 months ago

#22874 closed project (fixed)

Standalone broker (independent of App Engine)

Reported by: dcf
Owned by: cmm32
Priority: High
Milestone:
Component: Obfuscation/Snowflake
Version:
Severity: Normal
Keywords:
Cc: arlolra, serene, cmm32
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Currently the broker code is implemented only for App Engine; i.e. it doesn't have a main function and relies on being invoked using the App Engine APIs.

Instead, the broker should run as a standalone HTTPS server somewhere, and App Engine should only be a dumb request/response forwarder (we can steal the forwarder code from meek). That will make it possible to easily add domain fronts other than Google (#22782), and any secret data we handle on the broker won't have to be revealed to Google.

Change History (10)

comment:1 in reply to: description Changed 13 months ago by cmm32

Owner: set to cmm32
Status: new → assigned

Replying to dcf:

Currently the broker code is implemented only for App Engine; i.e. it doesn't have a main function and relies on being invoked using the App Engine APIs.

Instead, the broker should run as a standalone HTTPS server somewhere, and App Engine should only be a dumb request/response forwarder (we can steal the forwarder code from meek). That will make it possible to easily add domain fronts other than Google (#22782), and any secret data we handle on the broker won't have to be revealed to Google.

comment:2 Changed 13 months ago by dcf

Priority: Medium → High

comment:3 Changed 13 months ago by dcf

Hooman has been working on this and I pushed their changes to a standalone-broker branch:

https://gitweb.torproject.org/user/dcf/snowflake.git/log/?h=standalone-broker&id=3f4f5d2292416dc7aeb6d091c174e20d779fe947

comment:4 Changed 13 months ago by dcf

Keywords: arlolra serene cmm32 added

comment:5 Changed 13 months ago by dcf

Cc: arlolra serene cmm32 added
Keywords: arlolra serene cmm32 removed

comment:6 Changed 13 months ago by dcf

I merged the standalone-broker branch in 36debdfdd2.

There's a standalone broker running at https://snowflake-broker.bamsoftware.com/.

I think now we just need https://snowflake-reg.appspot.com/ to upload the code from appengine so that clients start communicating with the standalone broker.

comment:7 in reply to: 6 Changed 5 months ago by dcf

Replying to dcf:

I think now we just need https://snowflake-reg.appspot.com/ to upload the code from appengine so that clients start communicating with the standalone broker.

I think we're not going to regain access to https://snowflake-reg.appspot.com/. I think the way forward is to do #23947; i.e., move the proxy-hosting page away from keroserene.net, and then we configure the proxy on the new host to use the new broker.

comment:8 Changed 5 months ago by arlolra

Sounds good to me.

comment:9 in reply to: 7 Changed 4 months ago by dcf

Resolution: fixed
Status: assigned → closed

Replying to dcf:

Replying to dcf:

I think now we just need https://snowflake-reg.appspot.com/ to upload the code from appengine so that clients start communicating with the standalone broker.

I think we're not going to regain access to https://snowflake-reg.appspot.com/. I think the way forward is to do #23947; i.e., move the proxy-hosting page away from keroserene.net, and then we configure the proxy on the new host to use the new broker.

Done in comment:15:ticket:23947.

The standalone broker is now the primary broker. Let's leave proxy-go instances running for the old App Engine broker for a time.

comment:10 Changed 4 months ago by dcf

I just noticed that, due to a mistake of mine, the fallback proxy-go instances that were meant to be assigned to the standalone broker were instead assigned to the old App Engine broker. So all 6 were on the old broker, instead of 3 and 3 like desired.

I fixed it at 2018-04-18 00:06:42. I suspect it had been misconfigured since 2018-04-02 04:57:42, when I reinstated periodic restarts of the fallback proxies (comment:1:ticket:25688).
