Skip to content

Latest commit

 

History

History
103 lines (75 loc) · 4.8 KB

README.md

File metadata and controls

103 lines (75 loc) · 4.8 KB
Raw

rama banner

Crates.io Docs.rs MIT License Apache 2.0 License rust version Build Status

Discord Buy Me A Coffee GitHub Sponsors

🦙 Rama (ラマ) is a modular proxy framework for the 🦀 Rust language to move and transform your network packets. The reasons behind the creation of rama can be read in the "Why Rama" chapter.

rama-fp

rama-fp is a fingerprint web service and collector to facilate user agent emulation and validation.

Hosted (via https://fly.io) at:

Also hosted (via https://fly.io) as http/1.1 only:

Finally you can also use the Rama FP Service as an echo service for any method, path, query, body, and so on:

Available at Docker Hub (latest main branch commit):

Developer instructions

Browserstack

We make use of BrowserStack to automatically do the fingerprint flow for all domains above and that for the most recent browsers and operating systems.

Note: this script does not seasonal updates, to take into account the latest mobile devices on the market, as this is a hardcoded list.

The script can be run locally using the just browserstack-rama-fp command, for which you do need to have a valid username and access key in your environment variables.

However, we have a cron job that runs this script daily at 18h, so there is no need to ever run it yourself. It can also be triggered manually. Via the Github Actions pane.

Dashboard: https://automate.browserstack.com/dashboard/v2

TLS Certificate

For now we manually generate Letsencrypt based TLS certifications.

Steps:

  1. use certbot to start process on dev host machine:
sudo certbot certonly --manual -d fp.ramaproxy.org
  1. update the RAMA_FP_ACME_DATA SECRET in https://fly.io app config to enable and point to the new key/value ACME validation pair (format is file_name,file_content)
  2. redeploy
  3. press enter in process started in step (1)
  4. copy key and cert files, found at and to be made available as secrets at:
  • RAMA_FP_TLS_CRT: sudo cat /etc/letsencrypt/live/fp.ramaproxy.org/fullchain.pem | base64 | pbcopy
  • RAMA_FP_TLS_KEY: sudo cat /etc/letsencrypt/live/fp.ramaproxy.org/privkey.pe | base64 | pbcopy

For now this process has to be repeated every 90 days, for both the fp.* and h1.fp.* subdomains. We can probably automate this already using a manual github action flow, given that certbot can be used from within docker and we can update secrets and redeploy using fly's API...

But for now, given this only takes 5 minutes we can probably live with this manual process. Plus even better if we can add ACME support to rama's TLS capabilities and have it auto renew itself... There is no github ticket about this, but feel free to contact glendc by mail or discord if you want to tackle this.