I think most browsers have added support to use a Secure (HTTPS) Proxy without having to rely on the HTTP CONNECT method.

378637 - Add support for connecting to HTTP proxy over HTTPS
RESOLVED (mcmanus) in Core - Networking: HTTP. Last updated 2017-03-18.

http://www.chromium.org/developers/design-documents/secure-web-proxy

When clients support talking HTTPS directly to the proxy, setting up ATS to terminate SSL should be based on the docs you already looked at. It's really up to the client though, and I think curl probably still doesn't have the support and uses the CONNECT method.

If you are trying to enable the CONNECT method on ATS, I think it should work seamlessly out of the box (as long as the CONNECT method is not blocked in ip_allow.config).

ip_allow.config — Apache Traffic Server 8.0.4 documentation

ATS also supports some other custom handling for the CONNECT method. For example, see:

records.config — Apache Traffic Server 9.0.0 documentation

Thanks,
Sudheer

On Friday, July 19, 2019, 08:50:12 AM PDT, Zhiyong Lin (BLOOMBERG/ PRINCETON) <zl...@bloomberg.net> wrote:

I followed the document to set up certs and keys for ATS. But it does not seem to take these and terminate SSL in forward mode. My understanding of forward proxy is that the UA sends a CONNECT command first, and ATS establishes a tunnel between the UA and the origin server. My question is: how does the termination happen? I think we need to make ATS connect to itself when getting a CONNECT command?

From: sudheervinuko...@yahoo.com
At: 07/18/19 15:24:41
To: Zhiyong Lin (BLOOMBERG/ PRINCETON), dev@trafficserver.apache.org
Subject: Re: dev@trafficserver.apache.org

Hi Zhiyong,

SSL termination for ATS is not any different when ATS is being used as a forward vs reverse proxy.

This might be a good start to configure SSL termination on ATS (if you've not already read it):

Security — Apache Traffic Server 9.0.0 documentation

You can also navigate other linked docs in there for other aspects related to ATS.

Good luck, and we will be curious to hear your experiences in setting up.

- Sudheer

On Thursday, July 18, 2019, 12:18:47 PM PDT, Zhiyong Lin (BLOOMBERG/ PRINCETON) <zl...@bloomberg.net> wrote:

Hi All,

We are setting up ATS as a forward proxy and trying to examine both HTTP/HTTPS traffic. For HTTPS we need to terminate SSL, and we find the certifier plugin that can dynamically generate certificates. We read through the certifier plugin's document but are still not sure how to set up ATS so that SSL termination in forward proxy mode works. Any help will be appreciated. Also, is there any document of the whole flow of an HTTP/HTTPS request?
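
The thread advises confirming that CONNECT is not blocked in ip_allow.config. The following is an added example, not part of the thread and not ATS code: a small checker that reports which rule decides a method for a given client address. It assumes the ATS 8.0.x line format (`src_ip=... action=ip_allow|ip_deny method=A|B`), first matching rule wins, and that a method list on `ip_deny` blocks only the listed methods; the rules in `SAMPLE` are constructed.

```python
import ipaddress

# Constructed sample rules in the ip_allow.config line format (ATS 8.0.x).
SAMPLE = """\
# localhost may use every method
src_ip=127.0.0.1 action=ip_allow method=ALL
src_ip=10.0.0.0/8 action=ip_deny method=CONNECT|PUSH
src_ip=0.0.0.0-255.255.255.255 action=ip_deny method=PUSH|PURGE|DELETE
"""


def _in_range(ip, spec):
    """True if ip falls in spec: a single address, an 'a-b' range, or CIDR."""
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        return ip.version == net.version and ip in net
    lo, _, hi = spec.partition("-")
    lo = ipaddress.ip_address(lo)
    hi = ipaddress.ip_address(hi) if hi else lo
    return ip.version == lo.version == hi.version and lo <= ip <= hi


def method_allowed(config_text, client_ip, method="CONNECT"):
    """Return (allowed, rule) for the first src_ip rule matching client_ip.

    Returns (None, None) when no rule matches, leaving the default to the caller.
    Assumption: rules are evaluated top to bottom and the first match decides.
    """
    ip = ipaddress.ip_address(client_ip)
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        # Only client-side (src_ip) rules are considered here.
        if "src_ip" not in fields or not _in_range(ip, fields["src_ip"]):
            continue
        methods = {m.upper() for m in fields.get("method", "ALL").split("|")}
        listed = "ALL" in methods or method.upper() in methods
        # ip_allow permits the listed methods; ip_deny blocks only the listed ones.
        allowed = listed if fields.get("action") == "ip_allow" else not listed
        return allowed, line
    return None, None


if __name__ == "__main__":
    for addr in ("127.0.0.1", "10.1.2.3", "192.0.2.10", "2001:db8::1"):
        print(addr, method_allowed(SAMPLE, addr))
```

Run it against the deployed file by passing its contents as `config_text`; a `False` result names the rule that would stop a client's CONNECT before any tunnel or TLS handling is reached.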