Thread: Microb and TLS 1.2
View Single Post
Halftux's Avatar
Halftux is offline Halftux
2019-12-23 , 18:43
Posts: 878 | Thanked: 2,535 times | Joined on Feb 2012 @ Germany
#44
Maybe someone want to try nginx with the http_proxy_connect_module don't know if this works.

https://github.com/chobits/ngx_http_...connect_module

https://github.com/chobits/ngx_http_proxy_connect_module/issues/22#issuecomment-346941271

nginx.conf

Code:
/opt/nginx/nginx.conf
add to config to load the module:

Code:
load_module /opt/nginx/modules/ngx_http_proxy_connect_module.so;
You need to further tune the nginx.conf to get a forward proxy with "sslbump" see the link above, the browser need to be configured for the proxy too.

I will attach a nginx version with a dynamic ngx_http_proxy_connect_module
compiled for maemo no additional patches or changes were needed:
Depends: libc6 (>= 2.5.0-1), libgcc1 (>= 1:4.4.0), libpcre3 (>= 4.5), libssl1.1 (>= 1.1.0h), zlib1g (>= 1:1.2.1)

configure parameters:

Code:
./configure \
		--prefix=/opt/nginx \
		--sbin-path=/opt/nginx/nginx \
		--conf-path=/opt/nginx/nginx.conf \
		--error-log-path=/opt/nginx/logs/error.log \
		--http-log-path=/opt/nginx/logs/access.log \
		--pid-path=/opt/nginx/logs/nginx.pid \
		--lock-path=/opt/nginx/logs/nginx.lock \
		--http-client-body-temp-path=/opt/nginx/optified/client_temp \
		--http-proxy-temp-path=/opt/nginx/optified/proxy_temp \
		--http-fastcgi-temp-path=/opt/nginx/optified/fastcgi_temp \
		--http-uwsgi-temp-path=/opt/nginx/optified/uwsgi_temp \
		--http-scgi-temp-path=/opt/nginx/optified/scgi_temp \
		--user=user \
		--group=users \
		--with-http_ssl_module \
		--with-http_realip_module \
		--with-http_addition_module \
		--with-http_sub_module \
		--with-http_dav_module \
		--with-http_flv_module \
		--with-http_mp4_module \
		--with-http_gzip_static_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_stub_status_module \
		--with-mail \
		--with-mail_ssl_module \
		--without-http_upstream_zone_module \
		--add-dynamic-module=ngx_http_proxy_connect_module
Maybe this parameter should be also activated "--with-threads". To get it compiled I needed to disable http_upstream_zone_module. Next try would to update libatomic to get it compiled with this upstream module.

Another possibility could be maybe to use squid or stunnel.

At the moment I don't have the time to try it over x-mas :-(
But please post your experience if you fail or succeed or if you have some knowledge about squid or stunnel. It would be nice to use old software with newer ssl with the help of a proxy.

The discussion is open now.

Here some links with such a topic.
https://developpaper.com/using-nginx...-proxy-server/
https://stackoverflow.com/questions/...onfig/46382990
https://superuser.com/questions/6043...roxy-for-https
https://github.com/reiz/nginx_proxy
https://www.reddit.com/r/sysadmin/co...ion_to_tls_12/
Attached Files
File Type: deb nginx_1.16.1maemo1_armel.deb (399.2 KB, 134 views)
__________________
N900: gpxsee, fahrplan, gpscon, genwall, qrcode, hextool, libjansson4, libevent-2.0-5, cnee, psi-plus, mihphoto, shc

Maemo flasher/rescue live image.
Fremantle Harmattan SDK VM
Last edited by Halftux; 2019-12-24 at 11:33. Reason: added links
 

The Following 5 Users Say Thank You to Halftux For This Useful Post: