Transparent TLS proxy - possibilities?
Hey you nice people,
I am trying to set up a transparent TLS proxy on my VPS.
The operation turned out to be harder than initially expected.
I actually didn't find any standalone software that was capable of achieving this. Is there any major problem with the implementation that I'm not aware of?
All I want to do is forward an HTTPS request from A to B, passing through C. Of course I don't want to decrypt the HTTPS traffic at all. Just want to forward it with the certificate provided by A. I do understand that the possible issue with that is a MITM attack aka I would need to provide a valid certificate that assures that the connection passing through my VPS is safe, but are there any other methods (without requiring an external certificate) that allow me to do what I'm trying to do?
All I could find is a Kernel-level solution with TProxy: https://www.kernel.org/doc/Documentation/networking/tproxy.txt
But that forces me to not use OpenVZ for example and overall I'm quite surprised that there isn't any purely software-based solution.
Any thoughts about this?
Thanks in advance for any help & hints.
Comments
Idk anything about that stuff but... GRE tunnel?
I've used tcptunnel for semi-similar task -- http://www.vakuumverpackt.de/tcptunnel/
It uses fork though, not the most efficient. But it is super easy to set up.
nvm. my bad
Any software you can recommend? Idk anything about GRE tunnels
Thanks! I tried many similar tools, but none of them worked so far. You sure it can tunnel https connections?
Anything wrong with SNIProxy?
HAProxy.
It should be fine, it tunnels at the TCP level. SNIProxy that @msg7086 mentioned is probably more efficient though.
Thanks for all the suggestions! SNIProxy seems to be perfect for what I'm trying to do. Still searching for a nodejs implementation tho.
Me neither. I just know you can route all traffic from a certain port on a VPS to another VPS (e.g. redirect DDoS protected VPS port to game server port).
Haha
I got it done in the end with SNIProxy + custom node solution. Works very well. Thanks again for all your help!