[OpenIndiana-discuss] web proxy server w/SSL/TLS termination (on OI)

Jonathan Adams t12nslookup at gmail.com
Fri Dec 28 09:59:30 UTC 2018 

Hi,

we use Squid on OI, and it works well, but I don't think you'll be able to
do what you want with your older sparc kit.

when the browser connects to SSL, it opens up a tunnel through the proxy,
over HTTP, and the browser still does all the work of TLS/SSL ...

unless you're going to accelerate each individually named host, via
something like the Apache HTTPD accelerator, I don't think you'll be able
to do what you want.

Jon

On Mon, 24 Dec 2018 at 21:19, Tim Mooney <Tim.Mooney at ndsu.edu> wrote:

> In regard to: [OpenIndiana-discuss] web proxy server w/SSL/TLS
> termination...:
>
> > I would like to be able to do some basic web surfing on these older
> > boxes.
>
> TLS is going to be just one of the issues you encounter.  Poor or missing
> support for HTML 5, CSS, and JavaScript in older browsers are going to be
> an impediment too.
>
> > What I'm looking at doing is setting up a web proxy, and, having that
> > web proxy also do the SSL/TLS termination.  Ideally, this proxy software
> > would run on OI.
>
> Ok, you're talking about a *forward* proxy.
>
> A TLS or SSL terminating proxy is more often used in a reverse proxy
> config, but as the wiki article you linked mentions, there are reasons
> to do encryption termination even with a forward proxy.
>
> I have a bunch of experience with reverse proxies, but not much with
> forward proxies.
>
> Still, if I were trying to do what you're trying, I would start with
> Apache httpd.  It supports forward proxying, there's a ton of
> documentation on Apache httpd, and a recent version is part of OI.
> Some googling makes it look like forward proxying is (like reverse
> proxying) pretty easy to set up:
>
>         https://theheat.dk/blog/?p=929
>
> The thing to be very careful with is restricting access, so that your
> system doesn't become an open web proxy.  Any documentation on forward
> proxying with httpd will likely stress that.
>
> Good luck!
>
> Tim
> --
> Tim Mooney                                             Tim.Mooney at ndsu.edu
> Enterprise Computing & Infrastructure                  701-231-1076 (Voice)
> Room 242-J6, Quentin Burdick Building                  701-231-8541 (Fax)
> North Dakota State University, Fargo, ND 58105-5164
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
>

More information about the openindiana-discuss mailing list