
sphenix-sepd-l - [sphenix-sepd-l] ssh tunnel access to get behind the BNL firewall

sphenix-sepd-l AT lists.bnl.gov

Subject: sPHENIX Event Plane Detector discussion

  • From: Ron Belmont <belmonrj AT gmail.com>
  • To: sphenix-sepd-l AT lists.bnl.gov
  • Subject: [sphenix-sepd-l] ssh tunnel access to get behind the BNL firewall
  • Date: Wed, 15 Feb 2023 15:28:41 -0500

Hi All,

During the meeting JaeBeom asked about how to get behind the BNL firewall from outside the lab.  Here are the steps:
1) log into the ssh tunnel from the terminal
2) set up proxy settings in your browser

Once you’ve done those two, your access to all BNL websites will be through the ssh tunnel and it will be as if you are onsite at the lab, behind the lab firewall and with access to all internal pages.

Step 1 is extremely easy.  All you have to do is:
ssh username@cssh.rhic.bnl.gov -L 3128:batch3.phy.bnl.gov:3128
Replace username with your actual username, and then enter your RSA key passphrase if prompted (you won’t need to do this if your key is already active).  It’s the same RSA key that you use to log into all the other RACF/SDCC nodes.

Step 2 is slightly less easy than step 1.  My recommendation is to use the FoxyProxy add-on, which is available for Firefox and Chrome.  This is both the easiest and the most flexible option.  Once you’ve added FoxyProxy, all you need to do is generate a JSON file that your browser will use automatically (you can also save it if you want).  Generating the JSON file is a bit tedious but not difficult:
a) Go to FoxyProxy settings
b) Click on Proxies
c) Click on Add New Proxy
d) Under general, give it a name (whatever you like, I call it bnl.gov)
e) Under proxy details, select Manual, set Host or IP Address to localhost, set Port to 3128, check the SOCKS v5 box
f) Under URL patterns, click Add New Pattern
g) Make sure Enabled, Whitelist, and Regular expression are all checked, and then set URL pattern to .*\.bnl\.gov.*
h) Click Save
i) Make sure the Proxy mode is set to Use proxies based on their pre-defined patterns and priorities

NOTE: Do not use global proxy settings under any circumstances.  All traffic through BNL is logged and you are basically guaranteed to violate the computer use agreement at some point during the day if your personal traffic goes through BNL.  The use of a pattern-based proxy server is essential for preventing this, which is why I recommend FoxyProxy.  Alternately, I suppose you could configure one browser for BNL-only traffic and another browser for everything else if you were so inclined.


Please feel free to ask me any questions you may have, either on the list or in private, whichever you prefer.

Cheers,

Ron


-----------------------------------------------------------------------------
Ron Belmont (he/him/his)
RHIC/AGS Users' Executive Committee
Assistant Professor, Department of Physics & Astronomy
University of North Carolina at Greensboro
-----------------------------------------------------------------------------
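
An added example, not part of the message above: it audits which URLs the step g pattern would send through the tunnel and compares that with a hostname-only check (hostIsBnl, a hypothetical helper). It assumes the pattern is tested against the full URL string; the sample URLs are constructed.

```javascript
// Added example (not from the original post).
// Assumption: the proxy extension tests the regex against the full URL string.
const PAGE_PATTERN = /.*\.bnl\.gov.*/; // URL pattern from step g

function matchesPagePattern(url) {
  return PAGE_PATTERN.test(url);
}

// Hypothetical stricter check: decide on the parsed hostname only, so that
// paths, query strings and look-alike suffixes cannot trigger a match.
function hostIsBnl(url) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch (e) {
    return false; // unparsable input is never routed through the tunnel
  }
  return host === "bnl.gov" || host.endsWith(".bnl.gov");
}

// Constructed sample URLs (example.org / example.net are reserved test domains).
const SAMPLES = [
  "https://www.bnl.gov/",
  "https://lists.bnl.gov/sympa/info",
  "https://bnl.gov/",
  "https://example.org/search?q=www.bnl.gov",
  "https://www.bnl.gov.example.net/",
  "https://example.org/",
];

// One row per URL: would the page's pattern proxy it, and is the host really BNL?
function audit(urls) {
  return urls.map((u) => ({
    url: u,
    pattern: matchesPagePattern(u),
    hostOnly: hostIsBnl(u),
  }));
}

// URLs where the two checks disagree: these are the ones worth reviewing.
function disagreements(urls) {
  return audit(urls).filter((r) => r.pattern !== r.hostOnly).map((r) => r.url);
}

for (const row of audit(SAMPLES)) {
  console.log(row.pattern ? "proxy " : "direct", row.hostOnly ? "bnl  " : "other", row.url);
}
```

URLs listed by disagreements() are either non-BNL traffic that the pattern would route through the logged tunnel, or BNL hosts (the bare domain) that the pattern would leave on the direct connection.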


