Try Out the IC HTTP Proxy: A Leap Towards Decentralized HTTP

Today, I’m excited to present to you a new software that will decentralize how you interact with the Internet Computer: The Local IC HTTP Proxy. This solution is designed to establish a fully decentralized and verifiable communication channel with dApps, opening new doors for seamless interaction with the network.

What is the local IC HTTP Proxy?

The Local IC HTTP Proxy is a proof-of-concept application that allows your local system to act as a proxy for communicating with the Internet Computer. It harnesses the power of certification and completely bypasses the usage of the Boundary Node’s HTTP Gateway that has been the existing approach up until now.

Figure 1: Existing Internet Computer HTTP connections

Figure 2: Internet Computer HTTP connections With the IC HTTP Proxy

As shown on Figure 2, the HTTP Gateway with the IC HTTP Proxy enabled is completely moved to your local device, this shifts remote connections to exclusively be utilizing the API Boundary Nodes that are also being decentralized in the near future as explained on this post.

How Does It Work?

Instead of a remote server that typically acts as an intermediary between your system and the Internet Computer, the local IC HTTP Proxy places this power in your hands. The proxy runs locally, providing a direct and decentralized channel to communicate with dApps running on the Internet Computer.

The proxy implements the IC HTTP Gateway Protocol, translating the default HTTP requests into the expected api calls to the canister. Also, it leverages the _canister-id DNS TXT records available for custom domains to determine what canister that domain is serving. This way, your requests and data get processed directly by the API Boundary Node and all the HTTP transformation and verification happen locally in the proxy.

Last but certainly not least, it terminates TLS locally for dApp domains so that you can completely avoid the existing centralized Certificate Authorities.

How to start the Proxy?

After the proxy is installed in your system (currently supports Windows and MacOSX), launch the application and a taskbar item will appear, by clicking it you can simply start and all your HTTP IC connections will be made secure through it.

Screenshot 2023-05-31 at 11.25.26

What happens to my non IC network connections while running the Proxy?

The IC HTTP Proxy only cares about Internet Computer network connections, for all others it does a passthrough not handling them in any way.

What’s the Benefit?

The implications of this approach are wide-ranging:

Decentralization: The key principle of blockchain technology, decentralization, is strengthened by eliminating the need for centralized servers for communication (as mentioned above API Boundary Nodes are also being decentralized in the near future).

Enhanced Performance: The system efficiency is optimized as the service worker no longer needs to be loaded, which improves the time to load dApps on the first visit.

Greater Control: By allowing your system to communicate directly with the API Boundary Node, you have increased control over your network interactions and can bypass centralized Certificate Authorities for the remote implementations of the IC HTTP Gateway Protocol.

Call to Action: Try it yourself!

As this is still experimental, I’m inviting you to be part of this testing phase. Your feedback is of utmost importance to both me and the entire Trust team, as it will significantly influence the future development of this project. Be it a bug report, a feature suggestion, or even a success story, we are eager to hear it all.

You can download the Local IC HTTP Proxy from the releases page and start exploring. For tech-savvy users interested in diving deep into the software codebase and building from scratch, our comprehensive documentation serves as an essential guide. Remember to share your feedback in this thread.

Let’s embrace the future of decentralized communication together! We look forward to your active participation.

48 Likes

This is huge! Awesome work.

9 Likes

Isn’t this a proxy that can change IP addresses? Why hasn’t my IP changed?

1 Like

Hi @icper, it won’t change your ip address! This proxy is running locally, which means that it will still use your own public IP Address. The goal of this proxy is not to change your IP, rather, it’s to move the IC HTTP Gateway Protocol to your local device and terminate the TLS locally for you which will avoid the centralized Certificate Authorities on the HTTP side, with it you can communicate directly with API Boundary Nodes that will be decentralized in the near future.

Moreover, with the proxy enabled you won’t have the service worker being loaded when you visit a dApp, the proxy will take care of its responsibilities. This also means that a dApp that you visit can have their very own service worker delivered from an asset canister.

If you want to change your IP Address, you should still be able to add a VPN connection in your device and the IC HTTP Proxy should work on top of it.

7 Likes

tow more gemstones on The ICP Infinity Gauntlet. infinty supply of DNS with unstoppable proxy gate.

2 Likes

Hello! Thank you very much for your detailed reply! But I am a non-computer professional, can you explain the benefits of enabling this agent more simply?

I seem to be unable to start, regardless of whether I use a VPN or not. The device is a MacBook M1 Pro, and the software version I downloaded is ic-http-proxy-mac-universal-0.0.2-alpha.dmg.
image

image

image

This proxy creates a direct connection to the Internet Computer’s API endpoint, skipping the Boundary Node’s HTTP Gateway, which makes it the most decentralized way of accessing the Internet Computer today.

Some of the benefits that this would enable are:

  • Decentralization
  • Faster load times on the first visit to a new dApp domain
  • Support for crypto domains in the future
3 Likes

That’s interesting, thanks for the details and the screenshots! You should have logs under ~/Library/Preferences/dfinity/ichttpproxy to help debug the issue.

Feel free to PM me with the logs. I’m happy to help debug the issue.

1 Like

It’s going to be a hard sell to get me to install a proxy.

If you can bundle it with some useful tools, I think it’s a good idea. It’s really hard to convince people to download it

Thanks for the feedback! Did you have some ideas of what useful tools that you would like included in the proxy?

It’s understandable that you would be cautious installing a proxy on your system. Would you like to discuss your reservations further? It’s important to us that people can feel comfortable using this software.

I have to trust you wont be snooping through my traffic right? It’s not that I don’t trust you all but it just doesn’t seem like I need to take the risk.

It’s true that any proxy has the ability to snoop on system traffic, but you don’t have to “trust” us that this proxy is not doing that. The code is open source and can be verified by you, or anyone else.

The zip distributable is built deterministically (unfortunately the “native” installers are very difficult to build deterministically) or the application can be built directly, the only dependencies necessary are NodeJS and Yarn.

isn’t the application built and installed in the nodes? Can i verify those are acting correctly?

Btw I’m not being passive aggressive. I’m genuinely asking .

Btw I’m not being passive aggressive. I’m genuinely asking .

Don’t worry, these are important questions to ask!

isn’t the application built and installed in the nodes? Can i verify those are acting correctly?

Ah are you referring to how a standard proxy will send your traffic to a remote server? That’s not how this proxy works. There’s no remote server receiving your traffic because the proxying happens locally on your computer. The proxy server that’s running on your local computer communicates directly with the Internet Computer network on an encrypted connection in the same way the Service Worker does when it’s installed in your browser.

So the proxy application could snoop on your traffic, but since it runs entirely on your machine, you can verify the code before you build it and then you can see that it’s not doing any snooping.

4 Likes

There is no Android version

  1. The first utility software I can think of is the v-p-n proxy server of the official icp, but I don’t know whether it can be done

To, the reason is that if I want to speed up must be my network environment is not good, so I need to change the IP

  1. A second useful piece of software might be a desktop-based nns polling system or wallet, but it is much simpler to understand than the web.

  2. A third utility might be a pledge/mining software based on resolving domain name services, which people might download and install if they could generate revenue.

This is awesome work.

Since i do have all the necessary infrastructure to get this build going, i will take you up on the offer of getting a reproducible build. Which zip file should i be comparing against?

If everything goes well, i can propose to CodeGov that we (as a part of the community) can verify additional builds. Of course this wiĺl involve “invasive” code review everytime there’s an update (as well as initially). Of course the verification would be on “best effort”.

3 Likes