Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for proxying HTTPS server connections on the client side #192

Closed
ktoso opened this issue Sep 8, 2016 · 38 comments
Closed

Add support for proxying HTTPS server connections on the client side #192

ktoso opened this issue Sep 8, 2016 · 38 comments
Labels
Milestone

Comments

@ktoso
Copy link
Member

@ktoso ktoso commented Sep 8, 2016

Issue by sirthias
Monday Oct 27, 2014 at 15:52 GMT
Originally opened as akka/akka#16153


Required for one connection:

  1. Establish plain-text connection to proxy
  2. Send plain-text CONNECT target.host:443 HTTP/1.1 request to the proxy
  3. Wait for 2xx response (afterwards all communication on the connection will be directly tunneled through to the target host)
  4. Start SSL handshake, i.e. upgrade the connection to TLS/SSL
  5. Send the actual requests, read actual responses

This feature should likely be implemented on the level of host-level client-side API as in most cases you'll want a managed connection pool to the proxy.

Some pointers:

@ktoso ktoso added this to the http-backlog milestone Sep 8, 2016
@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by sirthias
Monday Oct 27, 2014 at 15:55 GMT


/cc @jrudolph

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by mackler
Tuesday Oct 28, 2014 at 19:41 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by mlenner
Monday Nov 03, 2014 at 15:03 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by salanki
Tuesday Mar 31, 2015 at 21:59 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by jkew
Tuesday Apr 07, 2015 at 22:21 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by rikardNL
Tuesday May 26, 2015 at 05:33 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by gonstr
Thursday May 28, 2015 at 11:47 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by bdwashbu
Wednesday Jul 15, 2015 at 15:01 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by ktoso
Wednesday Jul 15, 2015 at 21:10 GMT


Relates to akka/akka#17976

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by nilsga
Tuesday Oct 27, 2015 at 07:52 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by carl297r
Thursday Nov 05, 2015 at 02:22 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by ktoso
Thursday Nov 12, 2015 at 00:41 GMT


Logging a "very big" +1 here, we may want to think how and when we could address this.

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by ashugupt
Monday Dec 28, 2015 at 09:01 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by Madder
Monday Dec 28, 2015 at 13:56 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by mirelon
Thursday Feb 04, 2016 at 14:16 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by ktoso
Wednesday Feb 10, 2016 at 11:05 GMT


Logging another +1 (for my reference, sorry for the noise)

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by andrasp3a
Wednesday Mar 30, 2016 at 09:43 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by rahulsinghai
Thursday Mar 31, 2016 at 15:44 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by mlangc
Wednesday Apr 20, 2016 at 07:27 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by lregnier
Friday Apr 29, 2016 at 14:49 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by douglaz
Wednesday Jun 29, 2016 at 14:43 GMT


+1000

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by ktoso
Wednesday Jun 29, 2016 at 14:44 GMT


Akka team won't be able (time wise) to pick up this issue in the short-term, so we'd like to encourage you to try to contribute this feature, or contact us if you'd like sponsor its development.

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by nanothermite
Wednesday Aug 24, 2016 at 17:46 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by greenhost87
Thursday Sep 01, 2016 at 20:43 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by nemccarthy
Thursday Sep 08, 2016 at 02:07 GMT


+1

@ktoso
Copy link
Member Author

@ktoso ktoso commented Sep 8, 2016

Comment by Yeitijem
Thursday Sep 08, 2016 at 12:50 GMT


+1

@ktoso ktoso added the 1 - triaged label Sep 8, 2016
@hensg
Copy link

@hensg hensg commented Oct 31, 2016

+1

1 similar comment
@jesinity
Copy link

@jesinity jesinity commented Nov 11, 2016

+1

@mcamou
Copy link
Contributor

@mcamou mcamou commented Dec 10, 2016

+1

@johanandren
Copy link
Member

@johanandren johanandren commented Dec 12, 2016

Note that a PR is worth more than a million +1s. (Also please use the reaction button instead of spamming this ticket with +1 comments, thanks!)

@alvarow
Copy link

@alvarow alvarow commented Dec 12, 2016

+1, but if the +1 is not enough to express interest, I can always write: PLEASE FIX THIS, I AM INTERESTED IN SEEING THIS FIXED.

@note
Copy link
Contributor

@note note commented Mar 2, 2017

I was playing around this issue and managed to complete HTTPS request via proxy. Here is my code: https://github.com/akka/akka-http/compare/master...note:192-https-proxy?expand=1. It's not ready to be a PR, there is still a lot of work to do, I am mostly sharing it for early validation. So the solution boils down to having additional GraphStage (I called it ProxyGraphStage) between tlsStage and transportFlow. Its only goal is to send CONNECT, wait for OK answer and then simply forward all messages untouched. In future there should be correct error handling and so on. @jrudolph Does such approach makes sense? If it makes sense I will work further on this and prepare a PR.

@jrudolph
Copy link
Member

@jrudolph jrudolph commented Mar 2, 2017

Great work, @note for taking a stab at it. I just opened another PR yesterday which could be used as groundwork for it: it allows to redefine the transport the pool (or a single client connection) uses to access a host. The only predefined transport so far would be the existing TCP transport. Your HTTPS proxy support could be an HttpsProxyTransport, then we could have a SOCKS transport etc.

The basic change you would need to do is to include your underlying TCP connection to the HTTPS proxy into your code. Apart from that no changes to the existing http-core infrastructure would be necessary. WDYT?

It certainly looks promising, so please open a PR. I'll try to merge my PR this week so you can rebase on top of that.

@ktoso
Copy link
Member Author

@ktoso ktoso commented Mar 2, 2017

For reference, the pluggable transport PR #917

@note
Copy link
Contributor

@note note commented Mar 2, 2017

@jrudolph Thanks for your feedback, your PR seems very helpful - with that I think there's a great chance I will be able to implement Https proxy without touching Http.scala at all. Will continue to work on this at latest on Monday.

@jrudolph
Copy link
Member

@jrudolph jrudolph commented Mar 2, 2017

Great, thanks, @note. We (and lots of other people) are looking forward to it.

jrudolph added a commit to jrudolph/akka-http that referenced this issue Jun 14, 2017
jrudolph added a commit to jrudolph/akka-http that referenced this issue Jun 14, 2017
jrudolph added a commit to jrudolph/akka-http that referenced this issue Jun 14, 2017
jrudolph added a commit to jrudolph/akka-http that referenced this issue Jun 14, 2017
…https proxy support
jrudolph added a commit to jrudolph/akka-http that referenced this issue Jun 14, 2017
…https proxy support
ktoso added a commit that referenced this issue Jun 17, 2017
ktoso added a commit that referenced this issue Jun 17, 2017
@2m 2m modified the milestones: 10.0.8, backlog Jun 20, 2017
@2m 2m closed this Jun 20, 2017
@ktoso ktoso removed the 1 - triaged label Jun 20, 2017
tomrf1 added a commit to tomrf1/akka-http that referenced this issue Aug 13, 2017
tomrf1 added a commit to tomrf1/akka-http that referenced this issue Aug 13, 2017
tomrf1 added a commit to tomrf1/akka-http that referenced this issue Aug 13, 2017
tomrf1 added a commit to tomrf1/akka-http that referenced this issue Aug 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
You can’t perform that action at this time.