commit 2446e6cdb3907bb476f41073cc4d27919b9b97b8 Author: David Fifield david@bamsoftware.com Date: Thu Jan 17 01:15:08 2019 -0700
Remove some more references to appspot. --- README | 13 +++++++------ doc/meek-client.1 | 10 +++++----- doc/meek-client.1.txt | 4 ++-- doc/meek-server.1 | 4 ++-- firefox/components/main.js | 6 +++--- meek-client-torbrowser/meek-client-torbrowser.go | 2 +- meek-client/meek-client.go | 12 +++++------- 7 files changed, 25 insertions(+), 26 deletions(-)
diff --git a/README b/README index 1c7bd7a..e2f04bd 100644 --- a/README +++ b/README @@ -12,12 +12,13 @@ you are communicating with an allowed domain. It works by putting the allowed domain on the "outside" of a request: in the DNS query and the SNI TLS extension; and the forbidden domain on the "inside": in the Host header of the HTTP request. The trick works with web services that -ignore the SNI and handle requests based on the Host header. Google, -with its App Engine infrastructure at appspot.com, is one of these -services. A client wanting to communicate with a forbidden subdomain of -appspot.com while appearing to communicate with www.google.com can run -the client plugin program like this: - meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com +ignore the SNI and handle requests based on the Host header. A client +wanting to communicate with the domain forbidden.example while appearing +to communicate with a different domain, allowed.example, can run the +client plugin program like this: + meek-client --url=https://forbidden.example/ --front=allowed.example +This can only work when forbidden.example and allowed.example are run on +the same web service.
meek can use a number of web services as a transport backend. Some of these, like CDNs, are very easy to set up for domain fronting: you just diff --git a/doc/meek-client.1 b/doc/meek-client.1 index 2210c2f..bd9b49f 100644 --- a/doc/meek-client.1 +++ b/doc/meek-client.1 @@ -1,13 +1,13 @@ '" t ." Title: meek-client ." Author: [FIXME: author] [see http://docbook.sf.net/el/author] -." Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -." Date: 10/25/2014 +." Generator: DocBook XSL Stylesheets v1.79.1 http://docbook.sf.net/ +." Date: 01/17/2019 ." Manual: \ & ." Source: \ & ." Language: English ." -.TH "MEEK-CLIENT" "1" "10/25/2014" "\ &" "\ &" +.TH "MEEK-CLIENT" "1" "01/17/2019" "\ &" "\ &" ." ----------------------------------------------------------------- ." * Define some portability stuff ." ----------------------------------------------------------------- @@ -42,7 +42,7 @@ Configuration for meek-client usually appears in a torrc file&. Most user conf .RS 4 .} .nf -Bridge meek 0&.0&.2&.0:1 url=https://meek%5C-reflect%5C&.appspot%5C&.com/ front=www&.google&.com +Bridge meek 0&.0&.2&.0:1 url=https://forbidden%5C&.example/ front=allowed&.example ClientTransportPlugin meek exec &./meek-client .fi .if n {\ @@ -56,7 +56,7 @@ is the same as this one using command line options: .} .nf Bridge meek 0&.0&.2&.0:1 -ClientTransportPlugin meek exec &./meek-client --url=https://meek%5C-reflect%5C&.appspot%5C&.com/ --front=www&.google&.com +ClientTransportPlugin meek exec &./meek-client --url=https://forbidden%5C&.example/ --front=allowed&.example .fi .if n {\ .RE diff --git a/doc/meek-client.1.txt b/doc/meek-client.1.txt index 6ac5b99..47c9c46 100644 --- a/doc/meek-client.1.txt +++ b/doc/meek-client.1.txt @@ -32,13 +32,13 @@ Bridge line) or through command line options. SOCKS args take precedence per-connection over command line options. For example, this configuration using SOCKS args: ---- -Bridge meek 0.0.2.0:1 url=https://meek-reflect.appspot.com/ front=www.google.com +Bridge meek 0.0.2.0:1 url=https://forbidden.example/ front=allowed.example ClientTransportPlugin meek exec ./meek-client ---- is the same as this one using command line options: ---- Bridge meek 0.0.2.0:1 -ClientTransportPlugin meek exec ./meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com +ClientTransportPlugin meek exec ./meek-client --url=https://forbidden.example/ --front=allowed.example ---- The advantage of SOCKS args is that multiple Bridge lines can have different configurations. diff --git a/doc/meek-server.1 b/doc/meek-server.1 index 2552dce..3b7a07e 100644 --- a/doc/meek-server.1 +++ b/doc/meek-server.1 @@ -2,12 +2,12 @@ ." Title: meek-server ." Author: [FIXME: author] [see http://docbook.sf.net/el/author] ." Generator: DocBook XSL Stylesheets v1.79.1 http://docbook.sf.net/ -." Date: 03/06/2018 +." Date: 01/17/2019 ." Manual: \ & ." Source: \ & ." Language: English ." -.TH "MEEK-SERVER" "1" "03/06/2018" "\ &" "\ &" +.TH "MEEK-SERVER" "1" "01/17/2019" "\ &" "\ &" ." ----------------------------------------------------------------- ." * Define some portability stuff ." ----------------------------------------------------------------- diff --git a/firefox/components/main.js b/firefox/components/main.js index 835cdf3..48f0978 100644 --- a/firefox/components/main.js +++ b/firefox/components/main.js @@ -8,14 +8,14 @@ // data. The data is UTF-8–encoded JSON, having the format // { // "method": "POST", -// "url": "https://www.google.com/", +// "url": "https://allowed.example/", // "header": { -// "Host": "meek-reflect.appspot.com", +// "Host": "forbidden.example", // "X-Session-Id": "XXXXXXXXXXX"} // }, // "proxy": { // "type": "http", -// "host": "proxy.example.com", +// "host": "proxy.example", // "port": 8080 // }, // "body": "...base64..." diff --git a/meek-client-torbrowser/meek-client-torbrowser.go b/meek-client-torbrowser/meek-client-torbrowser.go index b02f1fc..5c5316a 100644 --- a/meek-client-torbrowser/meek-client-torbrowser.go +++ b/meek-client-torbrowser/meek-client-torbrowser.go @@ -2,7 +2,7 @@ // meek-client to meek-http-helper running in Tor Browser. // // Sample usage in torrc (exact paths depend on platform): -// ClientTransportPlugin meek exec ./meek-client-torbrowser --log meek-client-torbrowser.log -- ./meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com --log meek-client.log +// ClientTransportPlugin meek exec ./meek-client-torbrowser --log meek-client-torbrowser.log -- ./meek-client --url=https://forbidden.example/ --front=allowed.example --log meek-client.log // Everything up to "--" is options for this program. Everything following it is // a meek-client command line. The command line for running firefox is implicit // and hardcoded in this program. diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go index f8ec34e..d8f34c6 100644 --- a/meek-client/meek-client.go +++ b/meek-client/meek-client.go @@ -1,25 +1,23 @@ // meek-client is the client transport plugin for the meek pluggable transport. // // Sample usage in torrc: -// Bridge meek 0.0.2.0:1 url=https://meek-reflect.appspot.com/ front=www.google.com +// Bridge meek 0.0.2.0:1 url=https://forbidden.example/ front=allowed.example // ClientTransportPlugin meek exec ./meek-client // The transport ignores the bridge address 0.0.2.0:1 and instead connects to -// the URL given by --url. When --front is given, the domain in the URL is +// the URL given by url=. When front= is given, the domain in the URL is // replaced by the front domain for the purpose of the DNS lookup, TCP // connection, and TLS SNI, but the HTTP Host header in the request will be the -// one in --url. (For example, in the configuration above, the connection will -// appear on the outside to be going to www.google.com, but it will actually be -// dispatched to meek-reflect.appspot.com by the Google frontend server.) +// one in url=. // // Most user configuration can happen either through SOCKS args (i.e., args on a // Bridge line) or through command line options. SOCKS args take precedence // per-connection over command line options. For example, this configuration // using SOCKS args: -// Bridge meek 0.0.2.0:1 url=https://meek-reflect.appspot.com/ front=www.google.com +// Bridge meek 0.0.2.0:1 url=https://forbidden.example/ front=allowed.example // ClientTransportPlugin meek exec ./meek-client // is the same as this one using command line options: // Bridge meek 0.0.2.0:1 -// ClientTransportPlugin meek exec ./meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com +// ClientTransportPlugin meek exec ./meek-client --url=https://forbidden.example/ --front=allowed.example // The command-line configuration interface is for compatibility with tor 0.2.4 // and older, which doesn't support parameters on Bridge lines. //