Comments (14)
See how mitmproxy supports this complication here
from anyproxy.
I've read the wiki about SNI, but can not fully understand it.
In AnyProxy, certificates are signed with hostname, not ip address. So there shouldn't be any problem with virtual hosts.
from anyproxy.
Please see the list of complications mitmproxy talks about here: https://github.com/mitmproxy/mitmproxy/blob/master/doc-src/howmitmproxy.html#L125
They are hopefully documented a little better than the wiki page and can help clarify the different scenarios rather than me restating it :-)
from anyproxy.
My english is very poor.
Using SNI -> NodeHTTPSServer Support & Client Support
NodeHTTPSServer Support -> True
Client Support -> IE on XP & Other
Other -> True
IE on XP -> False !-> Using SNI
So IE on XP -> Unnecessary -> Using SNI
Using SNI -> Only listen one TCP port.
支持了 SNI 现在的模式就不用监听那么多端口了,但是 IE6 不支持 SNI 。
其实还有更好的解决方案 XD 。 Some implementation better .
https://github.com/guangwong/server-for-http-proxy/blob/master/lib/http-server-supported-https.js
这是 0.11.x 上的实现 ,0.10.x 需要多一些工作。
from anyproxy.
@dweinstein
Perhaps I've found out why SNI is not necessary our proxy server.
For regular https servers, users send requests DIRECTLY to it. So a server should identify the hostname during TLS handshaking(OSI layer 5) and deliver a corresponding certificate. This is why SNI should be invoked on virtual hosts.
When it comes to proxy server, something changed. If a user wants to connect an https server via proxy, the browser will send an http(not https) request with CONNECT method first. During this process, the proxy server could learn the target host name and then establish a socket tunnel to target server. Now you can see, since we have got the hostname on OSI layer 7, SNI is no longer needed.
Please note that we are talking about regular proxy server, not reverse proxy for load balance on server side.
from anyproxy.
@dweinstein
The previous comment explains why SNI is not needed in the user-side interface of proxy.
After thinking it again, maybe it is still necessary for the back-side. When the target server is deployed on a virtual host, we have to implement SNI on proxy side correspondingly.
The solution may have to do with something about nodejs api. I'll try to find out and publish a new version if needed.
Thanks !
from anyproxy.
@guangwong 如上文所述,SNI应该是Proxy向server发送信息时需要支持的特性。至于用户这边的方案,多开几个端口也没什么问题,哈哈。
from anyproxy.
@ottomao 是呀,单机自己用这样也是没有关系的。 我在做淘宝这边的一个集中代理工具,是集中式的需要多考虑这些的(最伤心的还有证书安全。。 )。
from anyproxy.
@guangwong 不知道有没有给你回复过,AnyProxy现在已经支持SNI了,不用再开这么多端口。
from anyproxy.
@ottomao 好的~ 我这才知道
from anyproxy.
嗨,大家好。
是否有任何教程如何运行anyproxy SNI支持(和TLS),如果可能的话?
也将是非常容易的,如果它可以透明地运行。
而且我一定在客户端浏览器包括证书或工作的透明?
很多问候
from anyproxy.
@Degreane
Did you use online translation service to get these Chinese words ? It's hard to understand. :(
from anyproxy.
Yes sorry ;)
anyhow was asking if there are any tutorials on how to run anyproxy SNI support (and TLS), if possible?
It will also be very useful if it can run transparently without adding manually the certificate to client browsers. or to find a way to push it to the client browser.
much regards
from anyproxy.
AnyProxy is now support SNI, close the issue.
from anyproxy.
Related Issues (20)
- 在代理一段时间后,代理失效
- 页面打开报错:Failed to load latest log
- can look respose body HOT 1
- Post request http 2 response not supported
- 开发团队你们好,想请教一下响应数据转换乱码问题
- How do I get the IP address of the request side
- 抓取https请求时 无法获取客户端真实ip地址
- http2 support for anyproxy
- YN0002: │ anyproxy@npm:4.1.3 doesn't provide react (p233ec), requested by svg-inline-react
- 运行 anyproxy --intercept 时报错 throw er; // Unhandled 'error' even
- 未抓取到埋点请求,一个断裂的gif文件 HOT 1
- anyproxy与SwitchyOmega配合怎么获取翻墙的数据包 HOT 1
- iOS 手机连接代理 没有网络! HOT 2
- 怎么开启到一个指定IP
- 请教一下,怎么从源代码启动anyproxy呢
- 请更换安全的证书
- Check the proxy page
- 文档域名过期
- 抓包信息无法查看响应BODY
- Anyproxy 的 requestBody 和 downloadBody 提供了一个错误的数据 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from anyproxy.