
HTTP to HTTPS Proxy

 
Ron McLeod
I am trying to build a Java-based proxy that will do the following:
  - receive an HTTP request from a client
  - establish an SSL/TLS tunnel to the server
  - forward the client request to the server through the tunnel
  - receive a response from the server through the tunnel
  - forward the response to the client

+--------+               +-------+              +--------+
|        |  HTTP Request |       |  Establish   |        |
|        |  -----------> |       |  SSL Tunnel  |        |
|        |               |       | ===========> |        |
|        |               |       |              |        |
|        |               |       | HTTP Request |        |
| Client |               | Proxy | -----------> | Server |
|        |               |       |              |        |
|        |               |       | HTTP Response|        |
|        |               |       | <----------- |        |
|        | HTTP Response |       |              |        |
|        | <------------ |       |              |        |
+--------+               +-------+              +--------+


The server is physically co-located with the proxy and the two are connected through an Ethernet cable (no switches or routers). The server is trusted so no need to verify its certificate.

I assume that I will need to be working with JSSE (javax.net.ssl), but if anyone has done this before and can offer some pointers, it would be appreciated.

Thanks.
 
Karthik Shiraly
Can't this be done by deploying the proxy as a servlet or a standalone HTTP handler application (for example, using Apache HttpComponents), and then making a URLConnection to the https:// URL from its get method or handler method?
Not sure I understand the need for JSSE APIs here.
 
Karthik Shiraly
And I'm assuming you have good reasons to roll your own, because there already exist very capable reverse proxies like nginx, httpd, and HAProxy.
 
Ron McLeod
Karthik Shiraly wrote: Can't this be done by deploying the proxy as a servlet or a standalone HTTP handler application ...

I think what you are suggesting is to create a type of back-to-back user agent, where the proxy would terminate the request from the client, then generate a new request to the server, copying over the HTTP headers and body - same with the response. I am hoping to just act as a type of security gateway, and forward the requests and responses between the client and server and not be concerned with what is happening at the HTTP/application level (the exception might be if anything such as a secure flag in a Cookie header received from the server needs to be removed).
 
Ron McLeod
Karthik Shiraly wrote: And I'm assuming you have good reasons to roll your own, because there already exist very capable reverse proxies like nginx, httpd, and HAProxy.

I want something very lightweight and specific to my needs - a full-featured HTTP server or proxy seems like overkill. My target is a small platform with limited CPU and RAM resources.

Also, the applications that I have seen for HTTP/HTTPS interworking seem to be used the other way around, where the proxy acts as a type of SSL accelerator/concentrator, with the secure communications between the client and the front-end, and the non-secure communications between the front-end and the server.
 
Ron McLeod
Ron McLeod wrote: I am trying to build a Java-based proxy ...

Actually - calling it a proxy is incorrect - what I really want to build is a tunneling gateway.

+--------+                +---------+              +--------+
| Client |                | Gateway |              | Server |
|        |                |         |  Establish   |        |
|        |                |         |  SSL Tunnel  |        |
|        |                |         | ===========> |        |
|        |                |         |              |        |
|        |  HTTP Request  |        =|==============|=       |
|        | ------------>--|---------|------------> |        |
|        |                |        =|==============|=       |
|        |                |         |              |        |
|        |                |         |              |        |
|        | HTTP Response  |        =|==============|=       |
|        | <--------------|---------|-<----------- |        |
|        |                |        =|==============|=       |
+--------+                +---------+              +--------+

 
Karthik Shiraly
I understand now from the new diagram what you're actually looking for.

What I had in mind earlier was what you described, where the proxy terminates the client request and initiates a new one. They're called reverse proxies, and they can be configured to terminate HTTP and initiate HTTPS, though the reverse is more common as you mentioned.
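
The tunneling gateway described in this thread, sketched with JSSE as an added example (not code from any poster here): it accepts plain TCP from the client, opens a TLS socket to the server, and copies bytes in both directions without parsing HTTP. The class name, the argument order, and the PEM file holding the server's certificate are assumptions; the sketch pins that one certificate in its trust store rather than skipping verification, and needs Java 9 or later.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.net.ssl.*;

public class TlsTunnelGateway {
    // Copy bytes one way until EOF or error, then close both sockets,
    // which also ends the pump running in the opposite direction.
    static void pump(Socket from, Socket to) {
        try (from; to) {
            from.getInputStream().transferTo(to.getOutputStream());
        } catch (IOException ignored) {
            // peer closed or reset; try-with-resources closes both sockets
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: listenPort serverHost serverPort pinnedServerCert.pem
        int listenPort = Integer.parseInt(args[0]);
        String host = args[1];
        int port = Integer.parseInt(args[2]);

        // Trust store that contains only the server's own certificate (a pin).
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        try (InputStream in = new FileInputStream(args[3])) {
            ks.setCertificateEntry("server",
                CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLSocketFactory factory = ctx.getSocketFactory();

        try (ServerSocket listener = new ServerSocket(listenPort)) {
            while (true) {
                Socket client = listener.accept();
                try {
                    SSLSocket server = (SSLSocket) factory.createSocket(host, port);
                    server.startHandshake(); // throws if the chain does not match the pin
                    new Thread(() -> pump(client, server)).start();
                    new Thread(() -> pump(server, client)).start();
                } catch (IOException e) {
                    client.close(); // TLS setup failed: drop the client, never fall back to plaintext
                }
            }
        }
    }
}
```

Because the bytes are copied untouched, response headers such as Set-Cookie reach the client exactly as the server sent them; rewriting them would require parsing HTTP at the gateway.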