tinyproxy / tinyproxy

tinyproxy - a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems
GNU General Public License v2.0

Using HTTPS upstream while in Reverse Proxy Mode #539

Open tuaris opened 1 month ago

tuaris commented 1 month ago

Tinyproxy version

1.11.1

Issue

Not sure if this is at all possible, but...

I'd like to use Tinyproxy as a reverse proxy only (ReverseOnly) while the default upstream is a SOCKS5 proxy.

Currently I have:

Port 8888
upstream socks5 127.0.0.1:1080
Allow 127.0.0.1

Where (for reasons that I won't get into) there is a SOCKS5 proxy server that connects to an Apache web server serving up multiple sites (virtual hosts).

This works great if I set up my web browser to use TinyProxy as its proxy server. I can connect to any one of those sites, including both HTTP and HTTPS (the HTTPS is important for the next part).

Now... In front of TinyProxy I have set up an HAProxy instance that has a backend pointing to TinyProxy:

frontend http
  bind *:443 ssl crt /etc/ssl/certs/mysite.pem
  default_backend tunneled

backend tunneled
  server tinyproxy 127.0.0.1:8888

By now I think you understand what I'd like to do. Essentially I would like to use TinyProxy as an HTTPS -> SOCKS5 -> HTTP/HTTPS proxy/translator.

Question (or feature request) is, what configuration changes must I make to TinyProxy to allow the above to work? For example, one thing that comes to mind is how do I tell TinyProxy that "Site A" on the upstream uses HTTP vs "Site B" on the same upstream uses HTTPS?

rofl0r commented 1 month ago

Tinyproxy has no support for TLS, so you can't use an HTTPS upstream directly. However, you can create a local tunnel that does the TLS decryption and provides a local port with raw HTTP. I think socat should be capable of doing such a thing, so the tinyproxy side would look like: tinyproxy -> socat -> https upstream. If you want TLS in front of tinyproxy, then stunnel comes to mind, though socat may work for that too.
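The tunnel layout described in the reply above, written as a stunnel configuration. This is an added example, not configuration from the thread or from the tinyproxy project, and it swaps in stunnel for both legs instead of socat for the upstream leg. The hostname `siteb.example`, local port 8443 and the CA bundle path are assumptions, and it assumes the HTTPS site is reachable directly from this host (the SOCKS5 hop from the question is not covered).

```ini
; stunnel.conf (constructed example; names and ports marked "assumed" are not from the thread)

; --- Leg 1: TLS in front of tinyproxy -------------------------------------
; Server mode: terminate TLS from clients and hand raw HTTP to tinyproxy.
; This would take the place of the HAProxy frontend shown in the question.
[tls-front]
accept  = 443
connect = 127.0.0.1:8888
; certificate path taken from the HAProxy snippet in the question
cert    = /etc/ssl/certs/mysite.pem

; --- Leg 2: tinyproxy -> local tunnel -> HTTPS upstream -------------------
; Client mode: tinyproxy speaks plain HTTP to 127.0.0.1:8443 (assumed port),
; stunnel wraps that traffic in TLS towards the upstream site.
[https-upstream]
client  = yes
; Bind to loopback only: this port carries the decrypted traffic, so it must
; not be reachable from other hosts.
accept  = 127.0.0.1:8443
; assumed upstream hostname
connect = siteb.example:443
; Send the virtual host name in the TLS handshake so the upstream web server
; can select the right certificate.
sni     = siteb.example
; Without these three settings the tunnel encrypts but does not authenticate
; the upstream, so anything able to intercept the connection could answer it.
verifyChain = yes
; assumed CA bundle location; adjust for the local system
CAfile      = /etc/ssl/certs/ca-certificates.crt
checkHost   = siteb.example
```

Each HTTPS site needs its own client-mode service on a separate loopback port, which is how the "Site A is HTTP, Site B is HTTPS" distinction from the question would be expressed: plain-HTTP sites are addressed directly, HTTPS sites through their tunnel port.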