geanjunior opened a new issue, #9529: URL: https://github.com/apache/trafficserver/issues/9529
I'm configuring Apache Traffic Server as a proxy to be used as an intermediary between clients and one external API. I need to implement a custom authentication service to be used together with the AuthProxy plugin as described in the documentation below:

- https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/authproxy.en.html#authproxy-plugin

I've configured remap.config with the lines below:

    regex_map http://(.*) http://$1 \
        @plugin=authproxy.so @pparam=--auth-transform=redirect @pparam=--auth-host=127.0.0.1 @pparam=--auth-port=5000
    regex_map https://(.*) https://$1 \
        @plugin=authproxy.so @pparam=--auth-transform=redirect @pparam=--auth-host=127.0.0.1 @pparam=--auth-port=5000

When I make an HTTP request, everything works as expected. The client calls the proxy, the proxy calls the auth server on port 5000, and then returns 200 (when auth passes).

> curl -I http://www.google.com -x http://127.0.0.1:8080 -H "token: abc"

Response:

    HTTP/1.1 200 OK
    Content-Type: text/html; charset=ISO-8859-1
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Date: Thu, 16 Mar 2023 19:45:24 GMT
    Server: ATS/9.1.1
    X-XSS-Protection: 0

But when I use HTTPS, the same request does not work. The client calls the proxy, I can see it in the logs, but the auth plugin is not called.

> curl -I https://www.google.com -x http://127.0.0.1:8080 -H "token: abc"

Response:

    HTTP/1.1 403 Tunnel Forbidden
    Date: Thu, 16 Mar 2023 19:45:46 GMT
    Proxy-Connection: close
    Server: ATS/9.1.1
    Cache-Control: no-store
    Content-Type: text/plain
    Content-Language: en
    Content-Length: 14

    curl: (56) Received HTTP code 403 from proxy after CONNECT

I have tried to configure the experimental plugin certifier.so to set up the SSL interceptor as described in the documentation below:

- https://docs.trafficserver.apache.org/admin-guide/plugins/certifier.en.html

I generated the certificate files as in the documentation example:

- openssl req -newkey rsa:2048 -nodes -keyout ca.key -x509 -days 365 -out ca.cert

And put the line below in the plugin.config file:

- certifier.so –store=/home/ubuntu/proxy-server/certs –max=1000 –sign-cert=/home/ubuntu/proxy-server/certs/ca.cert –sign-key=/home/ubuntu/proxy-server/certs/ca.key –sign-serial=/home/ubuntu/proxy-server/certs/ca-serial.txt

Any idea what's wrong in my configuration, or what I can do to make Apache Traffic Server authenticate HTTPS requests with my custom auth service?
