Convert HTTPS traffic to HTTP securely.
Exactly that but without any encryption between Nginx and the web browser.
The setup involves a browser connecting to a web server via an HTTPS connection, which then routes through a reverse proxy or SSL terminator before reaching the actual web application. This flow ensures encrypted traffic remains secure. Nginx is designed for web serving and proxying, not for handling SSL termination directly.
For development needs, these resources are useful:
- Telerik Fiddler: https://www.telerik.com/fiddler
- Charles Proxy: https://www.charlesproxy.com/
Yes, configuring the setup so all parts run on the device means HTTP will be used on the client side for everything.
When an app like a browser links to HTTPS, it expects a secure reply with a trusted certificate. You can't just decrypt and send it back. If the site uses HSTS, the browser should block redirects to unencrypted pages. Typically, you must set up a proxy such as Fiddler and add its certificate to your browser so it recognizes it. Fiddler decrypts the data, records it, then re-encrypts it before forwarding, requiring the client to accept the valid certificate. If DNS CAA is in place, the connection might still be blocked because the certificate isn't issued by the expected authority.
I suggested sending everything through a proxy without using HTTPS. It functioned as described, though it wasn't exactly what I needed. Now I want the device to display something like www.google.com using HTTP instead of HTTPS.
Thankfully it isn't that simple due to security measures. Google employs an HSTS header with a maximum age of 31,536,000 seconds (about 365 days), ensuring browsers only connect through HTTPS. Once the header is detected, your browser will automatically switch to HTTPS for a full year before allowing any HTTP attempts without an automatic redirect. Google would immediately handle this and the browser would see the header again. Additionally, some software—like mobile apps—may be pre-set to always use HTTPS and ignore redirects, while others might enforce certificate pinning to reject any unauthorized certificates.
The connection between the client and proxy was set up using a LANAC. Initially, using Fiddler helped, but since everything was HTTPS, caching wasn't possible. The goal was to make the LANAC act like a full Internet cache rather than being restricted to only HTTP traffic.