feat(healthcare): add gost proxy-relay so Chromium can use the residential proxy
Chromium rejects authenticated SOCKS5 ('Browser does not support socks5 proxy
authentication'). Add a gost (ginuerzh/gost:2.11.5) 'proxy-relay' sidecar that
listens unauthenticated on socks5://proxy-relay:11080 and forwards to the
authenticated residential upstream (HEALTHCARE_PROXY_UPSTREAM_URL). Workers point
Playwright at the relay via HEALTHCARE_PROXY_URL=socks5://proxy-relay:11080.
env template: split into HEALTHCARE_PROXY_UPSTREAM_URL (authenticated, password
percent-encoded so '#' -> %23) and HEALTHCARE_PROXY_URL (the relay address).
Validated end-to-end on dev: workers Chromium -> proxy-relay -> residential
egress IP 76.228.206.147; NPPES + PECOS both HTTP 200.
This commit is contained in:
justin
parent
4060fd7562
commit
a79d6b1906
2 changed files with 36 additions and 11 deletions
|
|
@ -121,13 +121,20 @@ HESTIA_PASS={{ vault_hestia_pass | default('') }}
|
|||
|
||||
# ── Residential proxy (healthcare NPPES/PECOS automation) ────────────────────
|
||||
# CMS healthcare portals (NPPES, PECOS, I&A) block datacenter IPs, so the
|
||||
# Playwright healthcare flows route through a residential SOCKS proxy.
|
||||
# Format: socks5://performancewest:<password>@hg409y7ez04.sn.mynetname.net:<port>
|
||||
# (username is "performancewest"). Set the full URL in the ansible vault as
|
||||
# vault_healthcare_proxy_url. Leave blank to run without a proxy.
|
||||
# UNDETECTED_PROXY_URL is the generic fallback used by FCC/state flows.
|
||||
HEALTHCARE_PROXY_URL={{ vault_healthcare_proxy_url | default('') }}
|
||||
UNDETECTED_PROXY_URL={{ vault_undetected_proxy_url | default(vault_healthcare_proxy_url | default('')) }}
|
||||
# Playwright healthcare flows egress through a residential SOCKS proxy
|
||||
# (host hg409y7ez04.sn.mynetname.net, username "performancewest").
|
||||
#
|
||||
# Chromium can't use an *authenticated* SOCKS5 proxy, so the docker-compose
|
||||
# "proxy-relay" (gost) listens unauthenticated and forwards to the
|
||||
# authenticated upstream below. Workers point Playwright at the relay.
|
||||
#
|
||||
# HEALTHCARE_PROXY_UPSTREAM_URL = authenticated upstream consumed by the relay.
|
||||
# Password may contain URL-special chars; store it PERCENT-ENCODED here
|
||||
# (e.g. '#' -> '%23'): socks5://performancewest:<pw%23enc>@host:11080
|
||||
# HEALTHCARE_PROXY_URL = address Playwright/workers use (the relay, no auth).
|
||||
HEALTHCARE_PROXY_UPSTREAM_URL={{ vault_healthcare_proxy_upstream_url | default('') }}
|
||||
HEALTHCARE_PROXY_URL={{ healthcare_proxy_url | default('socks5://proxy-relay:11080') }}
|
||||
UNDETECTED_PROXY_URL={{ undetected_proxy_url | default('socks5://proxy-relay:11080') }}
|
||||
|
||||
# ── Application URLs ──────────────────────────────────────────────────────────
|
||||
DOMAIN=https://{{ domain }}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue