Controls Web Proxy
Overview
The Controls Web Proxy is a way to view web pages from servers
located inside the Accelerator Controls Firewall. An example of such
pages would be
web displays from
Tektronix scopes. Additionally the Controls Web Proxy can be used
by off-site users to access .fnal.gov web pages which are
restricted to on-site users.
The Controls Web Proxy is a reasonable alternative to using the
Controls VPN for users who need to access web pages inside the
Controls Firewall. It is also an alternative to the
Fermilab Site VPN
for users who want to access restricted .fnal.gov web pages
from off-site.
The Controls Web Proxy works by setting up an SSH tunnel through one
of
the gateway nodes, outland.fnal.gov or outback.fnal.gov. The user's
web browser is configured to access control system web servers through
the SSH tunnel.
The Controls Web Proxy should work with any web browser
on any platform with an SSH client. It has been tested with
Firefox, Internet Explorer, Edge, and Chrome on Microsoft Windows, Safari and Firefox
on Mac, and Firefox on Scientific Linux Fermi.
Step 1: Configure Your Web Browser
Windows 10 -- All Browsers
On Windows 10, you can configure a system proxy which will work with
any web browser, including Firefox, Internet Explorer, Edge, and Chrome.
- Go to Start->Settings->Network and Internet->Proxy
- Enter https://www-ad.fnal.gov/controls/proxy.pac in the Script address box.
- Move the Use setup script slider to On.
- Click the Save button.
Windows 10 -- Firefox
Firefox can be configured to use the System Proxy settings (the default), No proxy, or
its own proxy settings.
- Go to Tools->Options...->Network Settings
- Click the Settings... button.
- To disable proxy use, select No proxy. Other browsers will still use the System Proxy settings.
- To configure the proxy for just Firefox:
- Select Automatic proxy configuration URL
- Enter https://www-ad.fnal.gov/controls/proxy.pac
- Click Reload, OK
Mac -- Safari
- Go to Safari->Preferences...->Advanced
- Click the Proxies: Change Settings... button.
- Click the lock and enter your password.
- Check the Automatic Proxy Configuration box.
- Enter https://www-ad.fnal.gov/controls/proxy.pac in the
Proxy Configuration File box.
- Click the Apply Now button.
The Automatic Proxy Configuration file
(proxy.pac) directs web requests as follows:
If your computer is at Fermilab,
requests to web servers inside the controls firewall use
the Controls Web Proxy. All other requests use direct access.
If your computer is not at Fermilab, all
requests to web servers inside the controls firewall use
the Controls Web Proxy. Requests to other .fnal.gov servers
use the proxy, but failover to direct access if the proxy is not
active. All other requests use direct access.
Step 2: Open the SSH Proxy Tunnel
Windows with Accelerator Controls Customizations
- Go to Start->Accelerator Controls and select Controls Proxy.
The proxy connection will be established and a window showing
the proxy status will appear.
Closing this window will terminate the Controls Web Proxy.
Mac
- ssh -oGSSAPIAuthentication=yes -oGSSAPIDelegateCredentials=yes
-C -D 1080 username@outland.fnal.gov
This command will open an SSH session to outland. dynamically
forwarding port 1080. The Controls Web Proxy will reamin active
until the SSH session is ended.
Scientific Linux Fermi
- ssh -C -D 1080 username@outland.fnal.gov
This command will open an SSH session to outland. dynamically
forwarding port 1080. The Controls Web Proxy will reamin active
until the SSH session is ended.
Step 3: Access Web Sites
Access web pages using a configured web browser. Accelerator Controls and possibly other fnal.gov
requests will be routed through the proxy. If there are problems accessing web pages, try
disabling the proxy to see if it is causing problems.
Last updated 06-Aug-2021 by Jim Smedinghoff
Security, Privacy, Legal