logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: HTTP -> HTTPS Proxy
Author
stfl



Joined: 09 Oct 2018
Posts: 1
Location: Vienna

PostPosted: Tue 09 Oct '18 17:45    Post subject: HTTP -> HTTPS Proxy Reply with quote

Hi. We're developing an extension for an existing embedded hardware.
The device does not offer SSL but communicates with a server through HTTP.

We're building a hardware extension that acts as a HTTPS proxy with offloading of the SSL/TLS functionalitiy.

The device sends HTTP packets, our hardware extension (running Linux on arm) converts this to a HTTPS connection.
All SSL functions should be done in the hardware extension.

I figured it should work with Proxy/ReverseProxy functionality.
So far I only came accross redirection which again gives the device a https url which it can't handle.

One idea would be that the extension is the http endpoint, unpacks the data and packs it again in HTTPS.
The extension should act as the only client that talks directly to the server.

This is basically the reverse view of "regular" ssl offloading done as a load balancing function.

I would really appreciate some help or some direction to look at.
Thanks
Back to top
mraddi



Joined: 27 Jun 2016
Posts: 149
Location: Schömberg, Baden-Württemberg, Germany

PostPosted: Fri 12 Oct '18 10:19    Post subject: Reply with quote

Hello,

found these lines within my apache's config proxying every request to the directory /pi2/ encrypted to my RaspberryPi2 - without checking the destination server's certificate. Rolling Eyes
Maybe they can be used as a first idea on how to get things done? Of couse you need to load the appropriate modules - if not already done.

Code:
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass /pi2/ https://192.168.0.8/
ProxyPassReverse /pi2/ https://192.168.0.8/


Exclamation Warning
You shouldn't use these config in production as not checking the destination's certificate is not a good idea.
You also should take care to not let any other device into your unencrypted network as there might be a reason why the communication to the service is encrypted...
Back to top


Reply to topic   Topic: HTTP -> HTTPS Proxy View previous topic :: View next topic
Post new topic   Forum Index -> Apache