N
N
Nail Kulanbaev2016-04-18 16:57:23
proxy
Nail Kulanbaev, 2016-04-18 16:57:23

Is there a transparent ssl-proxy without the need to generate certificates?

Good afternoon!
I will describe the situation: there are clients, there is a site aaa.ru. Clients access this resource using the HTTPS/SSL protocol.
The task is to redirect traffic from clients to the aaa.ru resource through a proxy, with a minimum of gestures. Clients are given a new link: xxx.yyy.ru - this domain points to the address of our proxy server. The proxy should simply forward all packets to the aaa.ru host. What in this case will have to be done on the aaa.ru site itself? Allocate a separate IP address, create a virtual domain xxx.yyy.ru, create a new certificate for the domain xxx.yyy.ru? So?
In general, it looks like a reverse proxy, but for example, the nginx manual states that in this case, the proxy itself will still need to create its own certificates. For what? Is it possible to do without it?
Anticipating questions about the man in the middle attack, I’ll say: the proxy will not store anything and analyze traffic, this is exactly what I want to avoid. I would like the proxy to be transparent and not know anything about the traffic of clients, and that it would not be possible to decrypt the traffic on it. The main thing is that the traffic from all clients is collected on a proxy and traffic comes to the final host only from the proxy server.
Also, the main thing is that clients do not need to register a proxy server in the browser, because. such a scheme of work is needed only for one site, without affecting everything else.
UPD: I forgot to mention - most of the clients will go to the "old" address aaa.ru, so just changing the domain is not suitable. Moreover, this site is not ours, but partners, and it is necessary to manage with a minimum of body movements on the site so as not to strain them too much.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
A
alegzz, 2016-04-18
@alegzz

the meaning of this action is not very clear. if you just need to redirect, then implement it using means like redir and so on (at least nc), and write certificates and settings to aaa.ru

V
Vladimir Dubrovin, 2016-04-19
@z3apa3a

in 3proxy
tcppm 443 aaa.ru 443

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question