search

dlundquist / sniproxy

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
BSD 2-Clause "Simplified" License
2.57k stars 398 forks source link

Certificate error while proxying to a https site #357

Closed suvvenndu closed 4 years ago

suvvenndu commented 4 years ago

I am using dnsmasq to force traffic to sniproxy which is working fine. Dnsmsq and sniproxy are on two different servers.

I can looks at the logs inside /var/log/sniproxy/https_access.log and see the traffic coming through proxy.

However when on client (chrome), I am getting ,ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

Here is one of the logs from https_access log , 2020-05-14 09:59:09 [::ffff:180.216.30.196]:40656 -> [::ffff:172.31.82.103]:443 -> NONE [www.ip2location.com] 7/7 bytes tx 517/1034 bytes rx 0.000 seconds

I am using "sniproxy.conf" as is , no changes. Do I need to install any SSL certs on my server? If , so , how do I assign it to sniproxy?

sniprox.conf

user daemon

pidfile /var/run/sniproxy.pid
error_log {
    syslog daemon
    priority notice
}

listen 80 {
    proto http
    #table http_hosts
   # fallback localhost:8080
    access_log {
        filename /var/log/sniproxy/http_access.log
        priority notice
    }
}

listen 443 {
    proto tls
    #table https_hosts
    access_log {
        filename /var/log/sniproxy/https_access.log
        priority notice
    }
}
table http_hosts {
    example.com 192.0.2.10:8001
    example.net 192.0.2.10:8002
    example.org 192.0.2.10:8003
}

table https_hosts {
    example.org unix:/var/run/server.sock
}

table {
    #example.com 192.0.2.10
    #example.net 192.0.2.20
    .* *
 }