Feature: Support to https #6
Comments
I would really like to contribute to this project because I do already use it for my own applications - implementing HTTPS would be a great feature. Do you want to generate the keypair dynamically or should the user provide them?
Hey @michivip I am glad you use it. I was thinking to provide the keypairs within the binary. To make it easy to install. I accept suggestions also.
Hello @cristianoliveira , thanks for your fast answer! If I got you right the user can enable HTTPS in the configuration file. If so, the self-signed certificate will be used to provide a secure HTTPS connection. If something is wrong with my understanding please correct me. Otherwise I will implement the feature in the following days.
@michivip I think as a first implementation it can be a flag passed into it. Would be nice if we could manage to provide both. I think it is just a matter of binding both ports
As described in this Stack Overflow answer it is not allowed to proxy HTTPS through a PAC file. Therefore I do not think that implementing this feature is possible. If I got you wrong please tell me.
@cristianoliveira, @michivip If you look into the comments you see that they say it is possible to use proxy for https connections (using CONNECT). To do that, you should add the key you use into the proxy as a trusted key (certificate) to the system, or tell each client that the certificate is trusted. This would mean that the setup scripts should also be modified. Also adding a self signed key is not the recommended approach. It is good for testing, but not for production. Please correct me if I'm wrong or I misunderstood the issue. If you still want to continue this, perhaps this would help you: goservervclienttls (shameless brag). Please observe that in both examples provided by @cristianoliveira and myself, both the client and the server need access to a certificate authority (in these cases ca.crt). If you do not want to use a verified certificate, but a self signed one, then you have to provide the authority to the user of the proxy.
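The trust requirement described in the comment above, shown as an added example that is not part of the original thread and is not ergo's code: a loopback HTTPS server presents a leaf certificate signed by a throwaway local CA, and a client is rejected until that CA is in its trust pool. The CA, the certificate names and the `probe` function are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// probe serves HTTPS on loopback with a leaf signed by a throwaway CA (all constructed here)
// and returns the error seen by a client that lacks the CA and by one that trusts it.
func probe() (withoutCA, withCA error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, leafKey, _ := ed25519.GenerateKey(rand.Reader)
	from, to := time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example local CA"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "localhost"},
		NotBefore: from, NotAfter: to, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback}}
	caDER, err1 := x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey)
	leafDER, err2 := x509.CreateCertificate(rand.Reader, leaf, ca, leafPub, caKey)
	if err1 != nil || err2 != nil {
		panic(fmt.Sprint("issuing certificates: ", err1, err2))
	}
	caCert, _ := x509.ParseCertificate(caDER)
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{leafDER}, PrivateKey: leafKey}}}
	srv.StartTLS()
	defer srv.Close()
	get := func(roots *x509.CertPool) error {
		c := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}}}
		_, err := c.Head(srv.URL) // HEAD responses carry no body, so there is nothing to close
		return err
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(caCert)
	return get(x509.NewCertPool()), get(trusted) // empty pool stands in for a client never given ca.crt
}

func main() {
	fmt.Println(probe()) // first value: client without the CA, second: client that trusts it
}
```

The first client fails with an "unknown authority" verification error; the second completes the handshake because only the CA certificate, never the CA private key, was added to its roots.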
There is this method of implementation also: https://goenning.net/2017/11/08/free-and-automated-ssl-certificates-with-go/ It looks quite simple
Yes. It seems to fit the bill. It does use recognized certificates, so it should be ok.
In the tutorial of @cristianoliveira using Let's Encrypt it says that you need your server to be publicly available. Therefore I think that this is not affordable for ergo because it is bound to the local host system. If I understood something wrong, please tell me.
@michivip The tutorial mentions that the server needs to be publicly available only because that is the main purpose of a web server. Otherwise you cannot reach it through DNS.
Any chance this issue might get some love? This tool is awesome, but all the projects I'm working on are using HTTPS. :(
Hey @gnutix I'm sorry for that. I still want to do it just for the sake of learning. We tried to leave all the research in this PR on how to implement it. Contributions are welcome! 😄
It would be nice to have support for HTTPS. It will need a self-signed key.
For more examples on how to implement this, please take a look at this:
https://gist.github.com/denji/12b3a568f092ab951456