trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Chaves <e...@uolet.com>
Subject Re: Cannot proxy to site HTTPS on port 8443
Date Thu, 21 Feb 2019 21:10:56 GMT
Hi Susan, that whats it, thanks!

Out of curiosity, I'm not yet very familiar to ATS (and remap), but would
it be possible to setup ATS in a way where my clients would request URI
using HTTP and ATS requesting to origin with HTTPS (so I can log request
and responses)?

For example, client would request http://some-site:8443/app?wsdl to ATS and
ATS would actually perform http://some-site:8443/app?wsdl.

Thanks again for your help.

Em qui, 21 de fev de 2019 às 17:42, Susan Hinrichs <shinrich@apache.org>
escreveu:

> If you are proxying through ATS instead of terminating the TLS on the ATS
> box, you will need to update the set of allowed connect_ports
>
> proxy.config.http.connect_ports
>
>
>
> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=connect_ports#proxy.config.http.connect_ports
>
> On Thu, Feb 21, 2019 at 1:23 PM Eric Chaves <eric@uolet.com> wrote:
>
>> Hi folks,
>>
>> I've successfully configured an ATS instance working as forward proxy for
>> my services. My client applications are successfully using the proxy to
>> reach sites running on standard HTTP ports (80 and 443) but when I try to
>> reach a site in non standard site (ie https://some-domain:8443/index.html)
>> I receive an error " Received HTTP code 403 from proxy after CONNECT". The
>> HTTP response headers are:
>>
>> HTTP/1.1 403 Tunnel Forbidden
>> Date: Thu, 21 Feb 2019 19:20:27 GMT
>> Proxy-Connection: keep-alive
>> Server: ATS/8.0.2
>> Cache-Control: no-store
>> Content-Type: text/html
>> Content-Language: en
>> Content-Length: 207
>>
>> If I ssh into the proxy host and perform a simple curl to the site
>> destination (ie curl https://some-domain:8443/index.html) I successfully
>> reach it, so I assume I'm missing something in ATS configuration.
>>
>> Any idea what I could be doing wrong?
>>
>> Best regards,
>>
>> Eric
>>
>

Mime
View raw message