p0w3n3d an hour ago

I wonder how you overcame HTTPS. As I understand it, the request that goes to the rerouted Imgur proxy will have a different cert.

stordoff 15 minutes ago | parent | next [-]

AIUI, nginx doesn't terminate the SSL/TLS connection - it is just passed through as is. `ssl_preread on` extracts the server name from the Server Name Indication (SNI) sent as part of the TLS handshake, which is unencrypted.

I just set up a similar system (Debian LXC permanently connected to a VPN, nginx proxying imgur.com and all its subdomains with the rest being dropped), and it works quite well. Setting DNS records for imgur.com and {api,i,s}.imgur.com seems to be sufficient to get the site and inline images working (not 100% if all are needed - I haven't fully tested it yet).

tshaddox 41 minutes ago | parent | prev [-]

Presumably TLS still only happens at the browser and at the Imgur origin server. Everything in between just routes the request without being able to read any of the encrypted stuff. This is no different than using your browser while your computer is connected to the web via a VPN, except that in this case only a small subset of requests go through the VPN.