-
Notifications
You must be signed in to change notification settings - Fork 442
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for proxying HTTP to HTTPS #175
Comments
Hey there, thanks for opening an issue. Sorry for the delayed reply. I believe the culprit in the situation described is the Recreation / Example SolutionIf I add Notice that this time, even though the I don't know if |
This seems to work for your setup above, but without any change to
|
Awesome thanks @dentarg. I'm closing this issue because I believe it's been resolved by the above comment. Please feel free to reopen it if you disagree @mmollaverdi. |
@jpittis do you want to add a note to the README in the FAQ? |
I'm trying to do something similarly, but with two important differences:
Struggling to figure out how to do both here. Any insight? |
Toxiproxy doesn't know anything about the data it passes through the proxy. It is not protocol specific. If you want to proxy https, you need to either have the request hostname match the proxy target somehow (like with Another option would be to put something like nginx, or another http-specific proxy in front of the target server to handle ssl for you. That way all proxied connections can run on http instead. |
@jpittis thanks for this reply, we were able to duplicate the same success you showed for google.com and other popular websites. However, we're running into one issue with a website (not publicly accessible) where we do the exact same thing as you're showing, but we get an $ curl --verbose -H "Host: our.special.website.com" https://our.special.website.com:6677
* Rebuilt URL to: https://our.special.website.com:6677/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to our.special.website.com (127.0.0.1) port 6677 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to our.special.website.com:6677
* Curl_http_done: called premature == 0
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to our.special.website.com:6677 |
@carpeliam were you able find find solution to this https issue |
Problem
I have some upstream APIs which run over https. Using toxyproxy to proxy https to https works fine, except that the local toxiproxy instances won't be responding with a valid SSL certificate, so over curl for example, I need to use the
-k
option:This is hard to get around specially if you're using toxi-proxy to test the interactions between different APIs. The downstream APIs which talk to upstream dependencies through toxiproxy, need to disable SSL certificate verification. This is done differently depending on which programming language and which library that API uses.
Suggestion
My suggestion is to implement support for proxying https requests through http, i.e. a toxi-proxy proxy can
listen
s over http, but communicates toupstream
over https. One way to configure such proxies would be to include the desired protocol in bothlisten
andupstream
values, but there are probably other ways to achieve this too.Note the inclusion of
http
in-l
argument andhttps
in-u
above.This doesn't seem to be supported currently.
Thoughts abut adding support for this or alternative solutions which would achieve this?
The text was updated successfully, but these errors were encountered: