feat: SOCKS proxy on the API BNs #2191
Draft
+380
−48
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context:
Currently HTTPS outcalls are only supported to IPv6 destinations. Certain system canisters (e.g., XRC) have to make outcalls to destinations that only support IPv4. Until now, there was a SOCKS proxy on all boundary nodes. With the new boundary node architecture, the SOCKS proxy has to be moved to the API boundary nodes.
This Change:
This change consists of two parts:
dante
: It installsdante
and starts it. For now, I includeddante
both in the base image and the normal image (for fast testing).Note: Before we merge, I will create a separate PR #2231 to install
dante
in the base image only and bump the base image in this PR.