Thanks Leif, I did not want to answer you this mail before, prior to
performing other tests.
On the other hand, I saw that developers are still working on extensions
from SSL
(https:www.mail-archive.comdevtrafficserver.apache.orgmsg06487.html).
Do you know if it is a modification for design improvement or do they
want to prepare for future some form of dynamic generation of certificates?
Regards. Mauro.
El 13/08/14 19:37, Leif Hedstrom escribió:
On Aug 14, 2014, at 2:34 AM, Mauro Gasparini <[email protected]> wrote:
I would like to get help to configure Trafficserver and HTTPS.
My goal is to achieve Transparent Proxying to perform caching of http and https
(mainly of videos for youtube/googlevideo and facebook/akamai images).
I've been reading this week
mail-archives.apache.org/mod_mbox/trafficserver-users and
docs.trafficserver.apache.org but could not achieve my objective.
Questions:
. Do I have to install an SSL server certificate?
Yes. For every domain that you want to cache / proxy HTTPS for. Or use some
other MITM type attacks against TLS.
. Do I have to make a remap rule?
No.
Lets take HTTPS out of the picture, because without some major effort (such as
creating a CA that your clients trust, and injecting certificates for all
domains), it won’t work in tproxy. With the remaining configs, does it not
work? I didn’t examine your setups, but we do support transparent proxy for
HTTP.
— Leif
