What does your browser tell folks? - part 2 - Implementation

Brian Jones -

Part 1 showed how to implement a Python Flask server and use WhoIsXMLAPI and the browser user-agent information to find some basic information about the client.

Proxying an existing production server to the flask server

We now need to make that accessible via the web. Generally this means creating a subdomain for the server, requesting SSL certificates etc. However, since I already have a Technicals website (you are reading it at the moment) it will be easier to hang it off this site, and then subdomain registration and SSL registration is already taken care off.
So we need to create a new URL route, /mike on this site and reverse proxy this to the flask server running on 192.168.1.15:5000

    location /mike/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://192.168.1.15:5000/;

    }

is all that is needed.

Now browsing to
/mike
will redirect from the normal Technicals server machine to the flask server.

One further tweak - we are restricted to 1000 WhoIsXMLAPI lookups a month and it would be easy to exceeed that during heavy testing, or if the website fell foul to an attack of any sort, so the flask server expects a parameter on the URL, if it is present and with the correct value then the code will do the WhoIsXMLAPI lookup, if not it will use a saved pre-canned one. This requires no implementation changes as it is handled entirely in the flask but it does mean that to actually get the code to implement a real browser lookup it needs to be called with the parameter - e.g.

/mike?type=xxxx

[Oh, if that doesn't work for you, it'll be because the parameter isn't really 'type=xxxx' :-) ]

Making the flask service a system service

The code works and is now available on the external internet via the URL above but currently it needs to be started manually and will need manual restarting should the 192.168.1.15 machine reboot.

We will create a system service to automatically start the flask server at startup.

sudo nano /etc/systemd/system/internetprobe.service

and add the following

[Unit]
Description=Demo internet credentials check for Mike Eacott
After=network.target

[Service]
User=pi
WorkingDirectory=/home/pi/internetprobe
ExecStart=/home/pi/internetprobe/security1.py
Restart=always

[Install]
WantedBy=multi-user.target

We can start it straight away to test it

sudo systemctl daemon-reload
sudo systemctl start internetprobe

and check it is running

sudo systemctl status internetprobe

before enabling it so that it will startup a boot time

sudo systemctl enable internetprobe

That should be it!