Windows – HTTP to HTTPS local proxy that can do the HTTPS connection over a proxy

httphttpsPROXYstunnelwindows

Here's the deal:

Our client software can only connect using http protocol, it can not do https.
However, security requirements dictate end-to-end security, so we need to use https when talking to the server.
Now I have been able to do this in a testing environment by using stunnel with the following configuration:

stunnel.conf file:

[mylocalproxy]
client = yes
accept = 127.0.0.1:3000
connect = the.real.server:443

Given the stunnel config above, I can configure my test client to use endpoint address http://localhost:3000/endpoint/url/ and everything works fine.
But on the production environment, the client side does not have direct network access to the.real.server. Http/s traffic from the client side has to go through a proxy server.
My questions:
- Is it possible to configure stunnel to connect using a proxy server?
- If not possible using stunnel, is there another way I can accomplish this?

Best Answer

You can do it with:

[SSL Proxy]
accept = 8443
connect = 8084
cert = certificate.pem
key = private_key.pem

You will need a certificate from a certificate authority to allow https client connections.

Related Solutions

Linux – How to Tunnel Over HTTPS Proxy Server (Client-Server Model)

You can use openvpn http://www.openvpn.net/. On client side use protocol TCP and proxy. On server side use protocol TCP and port share with apache server not work on Windows.

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

Related Topic