From: Rene Mayrhofer
To: "users@trafficserver.apache.org"
Subject: Proxying to dynamically changing origin servers
Date: Mon, 29 Aug 2011 11:30:01 +0200
Message-ID: <201108291130.01459.rene.mayrhofer@fh-hagenberg.at>

Hi everybody,

[Please CC me in replies, I am not currently subscribed to this mailing list.]

For a research project, we currently have an interesting problem to solve: to connect HTTPS clients to dynamically changing, internal HTTPS servers. One approach that we are currently evaluating is to use a publicly accessible HTTP proxy with CONNECT support to "tunnel" the HTTPS connections to the internal servers. However, the internal addresses may change dynamically.

The question is therefore if Traffic Server can be configured to (or if it is easy to write a plug-in to):

a) be used in "normal" proxy server mode for clients with explicit proxy server configuration to use the CONNECT call for some HTTPS URLs; and
b) for the origin server resolving to be done dynamically based on internal look-up tables.

E.g. the URL https://my-example.local.com/whatever specified by any client in the CONNECT request should be mapped to host 10.20.30.40 (the HTTPS server may use my-example.local.com as its server address, but the IP will change dynamically).

I am aware that this is a mix between reverse proxy functionality (mapping to internal servers) and normal proxying (CONNECT to client-specified, different URLs). Based on the SDK documentation, I am also unsure which kind of plug-in would be required to make this work.

The backup plan is to use a "normal" proxy with dynamic DNS for resolving the internal IP addresses, but we would like to avoid this complexity if possible. Are we on the right track and is this possible with Traffic Server?

best regards,
Rene
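The look-up step described in (b), as an added example that is not part of the original message and is not Traffic Server code: it maps the authority of a CONNECT request line to an internal address from a table that can change at run time, and refuses any host or port not in the table so the public proxy cannot be used as an open relay into the internal network. The class name `ConnectResolver`, its method names and the port allow-list are assumptions made for illustration.

```python
import threading


class ConnectResolver:
    """Hypothetical helper: CONNECT authority -> internal (ip, port)."""

    def __init__(self, allowed_ports=(443,)):
        self._table = {}               # normalized hostname -> internal IP
        self._lock = threading.Lock()  # table changes while requests are served
        self._allowed_ports = set(allowed_ports)

    @staticmethod
    def _normalize(hostname):
        # Treat "Host.", "host" and "HOST" as the same table key.
        return hostname.strip().rstrip(".").lower()

    def update(self, hostname, ip):
        """Add or move a host when its internal address changes."""
        with self._lock:
            self._table[self._normalize(hostname)] = ip

    def remove(self, hostname):
        with self._lock:
            self._table.pop(self._normalize(hostname), None)

    def resolve(self, request_line):
        """Return (ip, port) for a CONNECT request line, or None to refuse."""
        parts = request_line.strip().split(" ")
        if len(parts) != 3 or parts[0] != "CONNECT":
            return None
        if not parts[2].startswith("HTTP/1."):
            return None
        host, sep, port = parts[1].rpartition(":")
        if not sep or not host or not (port.isascii() and port.isdigit()):
            return None
        if int(port) not in self._allowed_ports:
            return None  # only tunnel to the HTTPS port
        with self._lock:
            ip = self._table.get(self._normalize(host))
        if ip is None:
            return None  # unknown host: never fall back to DNS
        return ip, int(port)
```

A caller would answer `None` with a 403 and otherwise open the TCP tunnel to the returned address.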