How might one set up a reverse proxy that cannot decrypt traffic?

Time:09-02

I'd like to have a reverse HTTPS proxy that CANNOT decrypt proxied traffic (ie an HTTPS passthrough/tunnel). The idea is to run this proxy on a VPS and point a domain to it, allowing for the IP address of the origin server to remain unexposed while maintaining end-to-end encryption.

Is this possible? I could probably proxy requests without difficulty since the destination address in that direction is fixed, but proxying responses seems problematic given that the proxy would be unable to read the client IP within an encrypted response.

A potential solution is to have the origin server package the encrypted response and destination address in a request made to the proxy, but I am unsure as to how I might generate the encrypted request without sending it (using node.js, which is the application running on the origin server).

CodePudding user response:

From your question, I got that you want to listen to requests from your VPC server and pass the request to your other server which has to remain unexposed.

This can be configured with the web server which you are using for the proxy (considering AWS allows port forwarding from a VPN server to a non-VPN server).
I prefer doing this with Nginx as it is easy, open-source with less code and more functionality.
There is a concept of load balancing which does the same as you mentioned above.

Steps:

  1. Install Nginx and keep it active.

  2. Create a new configuration file in /etc/nginx/sites-enabled

  3. Write the code below, with modifications:

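    http {
        # Pool of backend servers that receive the proxied requests
        upstream myapp1 {
            server srv1.example.com;
            server srv2.example.com;
            server srv3.example.com;
        }

        server {
            listen 80;

            location / {
                # Forward each request to the upstream group
                proxy_pass http://myapp1;
            }
        }
    }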

In place of srv1.example.com and srv2.example.com, add the domain to which you want to redirect requests.

  4. Save the file and restart Nginx.
  5. Boom!! It should redirect all incoming requests to your application.