Currently we have a software solution which needs do call home, e.g. for auto update it needs to contact an azure container registry. We are restricted to only have outgoing connections to example.com, all other outgoing connections are blocked by the firewalls of the customers. Therefore all connections we need to operate the software have to go through our reverse proxy.
Therefore we created a reverse proxy like example.com/acr/* which does proxy the connection to example.azurecr.io. Thats all working fine. The problem I have is what do I do with the returning URLs in the answer?
For example by requesting a docker image via example.com/arc/something I get back a response like this, telling docker where the docker container blobs are stored.
HTTP/1.1 307 Temporary Redirect
Location: https://weumanaged131.blob.core.windows.net/...e5698526-1gpll71q59//docker/registry/v2/blobs/sha256/a8/a87a....
Obviously I can't connect to this URL, because I'm restricted to example.com.
Question: Is it somehow possible to rewrite and cache the response URLs with an URL like this: example.com/acr/<UUID>(with a random UUID)? When calling this URL through the reverse proxy, the reverse proxy will proxy the URL to the original location URL like shown above. If there is another solution to redirect the response URLs through my reverse proxy, I'm happy to hear them.
Is something like this even possible with nginx? I'm not restricted to nginx, if some other solution can solve this problem.
Thank you,
Philipp
Edit: To make things clear, the software solution is installed on a machine inside the customer network. The customer network only allows outgoing connections to www.example.com from this particular machine. The reverse proxy is installed on the server in our network (in this case in our Azure cloud network). Therefore it is not possible for us to call other domains from this machine.
