LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 12-13-2012, 07:31 AM   #1
willbro
LQ Newbie
 
Registered: Dec 2012
Posts: 1

Rep: Reputation: Disabled
Forwarding https from one ip to another and back with last server having CA


This is my Setup Below

Server2
Server1
Client


When the client sends a https request to server1 i want server 1 to forward the https connection to server 2 then on return i want server 2 to pass connection to server 1 then back to the client .
I also need server2 to see the ip off server1 and clent to see the ip off server 1 if possible

I have done a setup simular to this before with nginx however the problem that i had is that nginx could not just forward the https connection as i needed to self sign the certificates so it came up with a browser warning .

I do not reguire to log anything or anything like that i just need the https connection to go from client to diffrent ip to server2 and on path back all info sent to server1 is forwarded to client but server2 to must think that client is in the usa even if he is in the uk so server2 will see server 1 ip

Maybee there is a diffrent way maybee server1 could be some sort off rooter or ip tunnel any suggestions will be apreshiated aslong as server 2 thinks it is connected to server1 and not client as i am trying to bypass geo location with https .

Dont think anyone will be able to help with this but i know it can be done but i cant figure out how for the life off me

all traffic to my domain is linked through dnsmask to server 1 so everyone on my network when they type my web address will be sent to server1 then i need them sent to server2 then back .The https connection will be accepted as the domain in the browser and the security certificate on server2 will match

I have centos hope someone can help
 
Old 12-14-2012, 01:05 PM   #2
Pearlseattle
Member
 
Registered: Aug 2007
Location: Switzerland
Distribution: Gentoo
Posts: 661

Rep: Reputation: 71
Hi
I am sorry, but I think that your chances for success are quite small (if I understood what you want to do).
But: it might depend what you mean with "see the IP of..." => "what" is supposed to see the source IP address?

In any case, basically: I think that the only way that the incoming connection from "CLIENT" through httpS can be handled by your "SERVER2" going through "SERVER1" is for "SERVER1" to be a level 2 (or 3?) kind-of-loadbalancer => that way the contents of the public certificate that CLIENT sends would not be touched by SERVER1 and then SERVER2 would be able to perform the handshake the usual way that httpS works... .

Implementing a normal proxy on SERVER1 would terminate there the client's httpS connection and on SERVER2 you would get only informations/certificates that relate to SERVER1 and not to the CLIENT.

Is this more or less what you want to do?
If yes, I think that in the current linux kernels there is already a level2/3 loadbalancer/proxy available as module... (but I cannot remember how it's called ).
 
Old 12-14-2012, 01:44 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,519
Blog Entries: 51

Rep: Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598Reputation: 2598
Quote:
Originally Posted by willbro View Post
the problem that i had is that nginx could not just forward the https connection as i needed to self sign the certificates so it came up with a browser warning .
That has nothing to do with Nginx but with the way SSL, and particularly self-signed certificates, works.


Quote:
Originally Posted by willbro View Post
(..)info sent to server1 is forwarded to client but server2 to must think that client is in the usa even if he is in the uk (..) aslong as server 2 thinks it is connected to server1 and not client as i am trying to bypass geo location with https .
The origin server probably uses GeoIP for good reason. I suggest you read the legal status of what you're trying to accomplish from their TOS or AUP first. If this is about a commercial service then you should be aware such circumvention is not a topic for LQ.

Last edited by unSpawn; 12-14-2012 at 01:45 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
https server ??? ballydiv Linux - Server 4 08-12-2011 08:53 AM
Set up HTTPS Server justemail Linux - Newbie 2 05-17-2009 01:53 AM
Iptables forwarding from gateway back to the inside network casolorz Linux - Networking 5 02-03-2009 03:18 PM
HTTPS and HTTP on same server Jake_B Linux - Software 2 11-28-2005 04:47 PM


All times are GMT -5. The time now is 02:37 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration