Configuring Stripe's Smokescreen as a Forward Proxy for Convoy

Stripe's Smokescreen is a powerful tool that can be used as a forward proxy for Convoy, it can be used to achieve Static IPs for your outbound webhook events.

Why Use a Forward Proxy?

A forward proxy acts as an intermediary between clients and servers, forwarding requests on behalf of clients and providing additional services such as caching, security, and anonymity. By using Smokescreen as a forward proxy for Convoy, you can benefit from its advanced features and capabilities.

Configuring Smokescreen as a Forward Proxy

To configure Smokescreen as a forward proxy for Convoy, follow the steps here to install smokescreen on your server.

Start smokcscreen by running:

smokescreen --listen-port <your-desired-proxy-port>

In your convoy.json file, you need to specify the url to smokescreen as your proxy value:

"server": {
  "http": {
    "proxy": "<smokescreen-url>",
    "ssl": false,
    "ssl_cert_file": "",
    "ssl_key_file": "",
    "port": 5005
  }
},

For more extensive documentation of Smokescreen's configuration see here.

Access Control Lists (ACLs)

Smokescreen allows you to specify access control lists, these help prevent IP spoofing attacks.

---
version: v1
services:
  - name: enforce-dummy-srv
    project: usersec
    action: enforce
    allowed_domains:
      - example1.com
      - example2.com
      - deny1.com # overrides global deny list

  - name: report-dummy-srv
    project: security
    action: report
    allowed_domains:
      - example3.com

global_allow_list:
  - goodexample1.com
  - goodexample2.com
  - goodexample3.com
  - conflictingexample.com

global_deny_list:
  - deny1.com
  - deny2.com
  - conflictingexample.com

The enforce action makes smokescreen strictly follow the defined rule, as opposed to report which allows the rule to be broken with a warning. For more extensive documentation of Smokescreen's configuration see here.