Posted to users@trafficserver.apache.org by Eric Chaves <er...@uolet.com> on 2019/02/21 19:23:28 UTC

Cannot proxy to site HTTPS on port 8443

Hi folks,

I've successfully configured an ATS instance working as a forward proxy for
my services. My client applications are successfully using the proxy to
reach sites running on standard HTTP ports (80 and 443), but when I try to
reach a site in a non-standard site (i.e. https://some-domain:8443/index.html)
I receive an error "Received HTTP code 403 from proxy after CONNECT". The
HTTP response headers are:

HTTP/1.1 403 Tunnel Forbidden
Date: Thu, 21 Feb 2019 19:20:27 GMT
Proxy-Connection: keep-alive
Server: ATS/8.0.2
Cache-Control: no-store
Content-Type: text/html
Content-Language: en
Content-Length: 207

If I ssh into the proxy host and perform a simple curl to the site
destination (i.e. curl https://some-domain:8443/index.html) I successfully
reach it, so I assume I'm missing something in the ATS configuration.

Any idea what I could be doing wrong?

Best regards,

Eric

Re: Cannot proxy to site HTTPS on port 8443

Posted by Alan Carroll <so...@verizonmedia.com>.
Yes, that's a common use case.

On Thu, Feb 21, 2019 at 3:11 PM Eric Chaves <er...@uolet.com> wrote:

> Hi Susan, that was it, thanks!
>
> Out of curiosity, I'm not yet very familiar with ATS (and remap), but would
> it be possible to set up ATS in a way where my clients would request a URI
> using HTTP and ATS would request the origin with HTTPS (so I can log requests
> and responses)?
>
> For example, client would request http://some-site:8443/app?wsdl to ATS
> and ATS would actually perform http://some-site:8443/app?wsdl.
>
> Thanks again for your help.

Re: Cannot proxy to site HTTPS on port 8443

Posted by Eric Chaves <er...@uolet.com>.
Hi Susan, that was it, thanks!

Out of curiosity, I'm not yet very familiar with ATS (and remap), but would
it be possible to set up ATS in a way where my clients would request a URI
using HTTP and ATS would request the origin with HTTPS (so I can log requests
and responses)?

For example, client would request http://some-site:8443/app?wsdl to ATS and
ATS would actually perform http://some-site:8443/app?wsdl.

Thanks again for your help.


Re: Cannot proxy to site HTTPS on port 8443

Posted by Susan Hinrichs <sh...@apache.org>.
If you are proxying through ATS instead of terminating the TLS on the ATS
box, you will need to update the set of allowed connect_ports:

proxy.config.http.connect_ports


https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=connect_ports#proxy.config.http.connect_ports

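The CONNECT port allow-list behind the 403 in this thread, modelled as an added example (not part of the thread and not ATS code): it reads `proxy.config.http.connect_ports` from records.config text and reports whether a tunnel to a given `host:port` would be permitted, plus how many ports the list exposes. Assumptions: the value is 443 when the setting is absent, and `*` and `low-high` tokens are accepted alongside single ports; the sample configurations are constructed.

```python
import re

SETTING = "proxy.config.http.connect_ports"
DEFAULT = "443"  # assumption: value in effect when records.config has no override

def allowed_ranges(records_text):
    """Parse records.config text into a list of (low, high) CONNECT port ranges."""
    value = DEFAULT
    for raw in records_text.splitlines():
        parts = raw.strip().split(None, 3)    # CONFIG <name> <TYPE> <value>
        if len(parts) == 4 and parts[0] == "CONFIG" and parts[1] == SETTING:
            value = parts[3]
    ranges = []
    for tok in re.split(r"[,\s]+", value.strip()):
        if tok == "*":                        # wildcard (assumed syntax): every port
            ranges.append((1, 65535))
        elif "-" in tok:                      # range (assumed syntax), e.g. 8000-8999
            low, high = tok.split("-", 1)
            ranges.append((int(low), int(high)))
        elif tok:                             # single port
            ranges.append((int(tok), int(tok)))
    return ranges

def connect_status(records_text, authority):
    """Status a proxy applying this allow-list gives to 'CONNECT host:port'."""
    port = int(authority.rsplit(":", 1)[1])
    ok = any(low <= port <= high for low, high in allowed_ranges(records_text))
    return 200 if ok else 403

def exposure(records_text):
    """Count of distinct destination ports clients may tunnel to."""
    ports = set()
    for low, high in allowed_ranges(records_text):
        ports.update(range(low, high + 1))
    return len(ports)

# Constructed sample configurations (not taken from the thread).
BEFORE = "# no connect_ports override\nCONFIG proxy.config.http.cache.http INT 1\n"
AFTER = BEFORE + "CONFIG proxy.config.http.connect_ports STRING 443 8443\n"
WIDE = BEFORE + "CONFIG proxy.config.http.connect_ports STRING *\n"

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("wildcard", WIDE)):
        print(name, connect_status(cfg, "some-domain:8443"), exposure(cfg))
```

Listing only the ports clients actually need (here 443 and 8443) keeps the forward proxy from being usable as a tunnel to arbitrary services.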