Score:0

TLS certificate for SNIproxy, or a reverse proxy with virtual host with a TLS certificate


I currently use SNIProxy (it's the simplest I've seen so far to set up virtual hosts). However, I can only set SSL certificates separately per virtual host with each service's configuration (each one is on a separate port), which can quickly become a problem, and not for the server as a whole, so I only need a certificate for the reverse proxy. So, is there a way to do it? Alternatively, is there a reverse proxy that supports virtual hosts (preferably with wildcards, so that test.* will go to test.com, test.net, test.org, etc.) and setting a TLS certificate for only that proxy (I still can't figure out how to do it in NGINX or Caddy; NGINX only supports hosts per folder, and Caddy doesn't support custom certificates, though I could be wrong).

Score:0

What I ended up doing is putting the virtual hosts in SNIProxy on localhost HTTP, and putting NGINX as an HTTPS frontend to it, so that when it receives a request, it shuttles it to localhost along with the Host header.

For posterity, here are my configs:

For SNIProxy:

user nobody
pidfile /run/sniproxy/sniproxy.pid

error_log {
    syslog daemon
    priority notice
}

listen 127.0.0.1:8000 {
    proto http
}

table {
    whoogle.* 127.0.0.1:2000
    
    adguard.* 127.0.0.1:2001

    bitwarden.* 127.0.0.1:2002
    
    thea.* 127.0.0.1:2003

    files.* 127.0.0.1:2004

    photopea.* 127.0.0.1:2005

    desmos.* 127.0.0.1:2006

    youtube.* 127.0.0.1:2007

}

And nginx.conf:

worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /dev/null;

daemon off;

events {
    worker_connections  1024;
}


http {
    proxy_temp_path ./tmp;
    access_log /dev/null;
    ssl_certificate ./cert.pem;
    ssl_certificate_key ./key.pem;
    proxy_set_header Host $host;
    client_body_temp_path ./tmp;

    server {
        listen       127.0.0.1:443 ssl;

        server_name  *.test;

        location / {
            proxy_pass http://127.0.0.1:8000;
        }
    }

    server {
        listen       192.168.1.67:443 ssl;

        server_name  *.tt;

        location / {
            proxy_pass http://127.0.0.1:8000;
        }
    }

    server {
        listen       127.0.0.1:80;

        server_name  *.test;

        return 302 https://$host$request_uri;
    }

    server {
        listen       192.168.1.67:80;

        server_name  *.tt;

        return 302 https://$host$request_uri;
    }
}
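
The request path these two configs create can be traced offline. The following is an added example, not part of the original answer: it models which NGINX server block takes a request and which backend the SNIProxy table then selects from the forwarded Host header. The function names are hypothetical, and the table lookup assumes SNIProxy treats patterns as unanchored regular expressions with the first match winning.

```python
import re

# Constructed from the answer's nginx.conf: TLS listen socket -> server_name
# values of the server blocks on that socket, in file order.
NGINX_SERVERS = {
    ("127.0.0.1", 443): ["*.test"],
    ("192.168.1.67", 443): ["*.tt"],
}

# The answer's SNIProxy table, in file order.
SNIPROXY_TABLE = """
whoogle.* 127.0.0.1:2000
adguard.* 127.0.0.1:2001
bitwarden.* 127.0.0.1:2002
thea.* 127.0.0.1:2003
files.* 127.0.0.1:2004
photopea.* 127.0.0.1:2005
desmos.* 127.0.0.1:2006
youtube.* 127.0.0.1:2007
"""

def nginx_select(listen, host):
    """Return (server_name, matched) for the block nginx would pick."""
    names = NGINX_SERVERS[listen]
    for name in names:
        # A leading-wildcard name such as *.test matches any host ending in .test.
        if name.startswith("*.") and host.endswith(name[1:]):
            return name, True
    # No name matched: nginx uses the default server for the socket, which is
    # the first block listed when none carries the default_server flag.
    return names[0], False

def parse_table(text):
    """Parse 'pattern backend' lines into (compiled regex, backend) pairs."""
    rows = (line.split() for line in text.splitlines())
    return [(re.compile(r[0]), r[1]) for r in rows if len(r) == 2]

def sniproxy_route(routes, host):
    # ASSUMPTION: patterns are unanchored regular expressions, first match wins.
    for pattern, backend in routes:
        if pattern.search(host):
            return backend
    return None

def trace(listen, host):
    """Follow one request: nginx block choice, then the table lookup on Host."""
    host = host.lower()  # nginx's $host is lowercased
    block, matched = nginx_select(listen, host)
    return {"block": block, "name_matched": matched,
            "backend": sniproxy_route(parse_table(SNIPROXY_TABLE), host)}
```

A Host that matches no `server_name` is still handled by the only block on that socket, so the table alone decides where it goes. If the `server_name` lines are meant as a restriction, a separate `default_server` block per listen socket that refuses unmatched names (for example with `ssl_reject_handshake on;` or `return 444;`) enforces it.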