Comments (2)
i-prudnikov
commented on July 28, 2024
Hey, @dhruvrauthan,
AFAIU, the situation is this:
- By default esni-rev-proxy is listening on 0.0.0.0:443, so you either instruct proxy with
-bflag to listen on different port or reconfigure apache server to listen to a different port. - Since esni-rev-proxy is intended to run as a front end it is better to stick to 443 standard port on it, but of course it is up to you.
Anyway, in order to simplify testing, follow this:
- Leave you apache config as it is
- Start esni proxy with:
-b 0.0.0.0:8443(any arbitrary port that is not occupied)
-upstream https://localhost(this is an endpoint of your apache server if you run on the same machine, and your apache is listening on all interfaces)
Then try to curl your esni-rev-proxy, and you should be redirected to your apache.
curl https://localhost:8443 -k
But be aware, your curl requests to ensi rev proxy are not ESNI encrypted, since proxy can handle plain TLS 1.2,1.3 and so on just for the sake of support plain versions.
In order to get true ESNI TLS handshake you need your client application (i.e. browser) to support ESNI - in order to setup client infrastructure you need to follow this steps:
- have a look on
How to run:section in readme. - study this explanation https://habr.com/ru/company/exness/blog/506452/ (this is my article in Russian) and this is translationby google translate https://translate.google.com/translate?sl=ru&tl=en&u=https://habr.com/ru/company/exness/blog/506452/
For the sake of local testing you can use esnitool (have a look on readme how to build it).
from esni-rev-proxy.
dhruvrauthan
commented on July 28, 2024
@i-prudnikov Thank you so much for helping out
Finally, I commented out the Listen 443 line in the ports.conf in the Apache2 files, and further made changes to the VirtualHost conf file to <VirtualHost *:8080>. So Apache2 wasn't listening on the 443 port and the reverse proxy could work on it.
The output is as expected, whenever I visit my website, I cannot identify the server_name extension in the ClientHello since it is encrypted.
Once again, thank you very much
from esni-rev-proxy.
Related Issues (3)
- Compile Error HOT 2
- Error while running prepareGoRoot.sh HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from esni-rev-proxy.