Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Solutions to 'convert' http traffic to https? Proxy? (relay)

Our app is all HTTPS, but we grab mjpeg streams from low-budget devices that do not support SSL.

So, this means that we can either: i. Mix content and have browsers freak out. (Unacceptable since we train users not to trust mixed content pages.) ii. Make the site non-https. (REALLY unacceptable.)

I was thinking that we could run a relay on one of our servers, for which the browsers could hit using SSL, this server would then act as a proxy to the non-SSL mjpeg streams.

We know the IPs of the cameras (static), so we can check that and guard against dns attacks. And you can't establish a TCP-IP connection if you're spoofing an IP (makes 3-way handshake impossible), so I don't see this as disingenuous.

What other solutions could be used to solve this?

like image 539
Chad Avatar asked Nov 05 '11 01:11

Chad


People also ask

Can you proxy HTTPS traffic?

You can use the HTTPS-proxy to secure a web server protected by your Firebox or Firebox, or to examine HTTPS traffic requested by clients on your network. By default, when an HTTPS client starts a request, it establishes a TCP (Transmission Control Protocol) connection on port 443.

Can I use an HTTP proxy to connect to an HTTPS server?

HTTP proxy servers can process HTTP connections (port 80). They can also support HTTPS connections (SSL) but usually such connections are only allowed on port 443 (the standard port for HTTPS).

What happens when a HTTP proxy intercepts a connection?

Content Filtering For example, when a specific website is requested, the proxy can refrain from forwarding the request to the web server. Instead, it intercepts the connection and displays an error or notice to the user.


2 Answers

Even easier on Linux, with mod_proxy and mod_ssl Apache modules:

<VirtualHost *:80>
        ServerName xxx.yyy
        SSLProxyEngine On

        ProxyPass  / https://remote.server.org/

</VirtualHost>
like image 69
agui Avatar answered Sep 21 '22 23:09

agui


Stunnel proved to be the easiest solution for a windows server.

http://www.stunnel.org/

like image 27
Chad Avatar answered Sep 22 '22 23:09

Chad