GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → suntobright → Keyless Solution

suntobright / Keyless Solution

The solution of keyless proxy.

Programming Languages

c
50402 projects - #5 most used programming language

Labels

proxynginxopenssl

Projects that are alternatives of or similar to Keyless Solution

Exporter exporter
A reverse proxy designed for Prometheus exporters
Stars: ✭ 194 (+1112.5%)
Mutual labels:  proxy, nginx
E2guardian
E2guardian is a web content filter that can work in proxy, transparent or icap server modes
Stars: ✭ 340 (+2025%)
Mutual labels:  proxy, openssl
Net Shield
An Easy and Simple Anti-DDoS solution for VPS,Dedicated Servers and IoT devices - Beta
Stars: ✭ 202 (+1162.5%)
Mutual labels:  proxy, nginx
Docker Nginx Image Proxy
on the fly image cropping with gravity, resize and compression microservice
Stars: ✭ 79 (+393.75%)
Mutual labels:  proxy, nginx
Engintron
Engintron for cPanel/WHM is the easiest way to integrate Nginx on your cPanel/WHM server. Engintron will improve the performance & web serving capacity of your server, while reducing CPU/RAM load at the same time, by installing & configuring the popular Nginx webserver to act as a reverse caching proxy in front of Apache.
Stars: ✭ 587 (+3568.75%)
Mutual labels:  proxy, nginx
Smtpd
A Lightweight High Performance ESMTP email server
Stars: ✭ 175 (+993.75%)
Mutual labels:  proxy, nginx
Proxygateway
Proxy Gateway基于openresty(nginx lua module)开发,可以作为接口网关(api gateway)使用,整合业务模块接口,微服务治理聚合,通过web配置界面,能够轻松进行代理配置管理,支持负载均衡,服务器状态检测等
Stars: ✭ 335 (+1993.75%)
Mutual labels:  proxy, nginx
Lhttps
Create https for local development environment or localhost.
Stars: ✭ 172 (+975%)
Mutual labels:  openssl, nginx
Nginx Le
Nginx with automatic let's encrypt (docker image)
Stars: ✭ 475 (+2868.75%)
Mutual labels:  proxy, nginx
Nginx Autoinstall
Compile Nginx from source with custom modules on Debian and Ubuntu
Stars: ✭ 443 (+2668.75%)
Mutual labels:  openssl, nginx
Noginx
High performance HTTP and reverse proxy server based on Node.js. 基于 Node.js 的高性能 HTTP 及反向代理服务器,类似nginx。
Stars: ✭ 53 (+231.25%)
Mutual labels:  proxy, nginx
Ceryx
Dynamic reverse proxy based on NGINX OpenResty with an API
Stars: ✭ 688 (+4200%)
Mutual labels:  proxy, nginx
Kube Nginx Proxy
Nginx reverse proxy for Kubernetes services and pods powered by annotations
Stars: ✭ 31 (+93.75%)
Mutual labels:  proxy, nginx
Orange
OpenResty/Nginx Gateway for API Monitoring and Management.
Stars: ✭ 2,208 (+13700%)
Mutual labels:  proxy, nginx
Nginx Tutorial
这是一个 Nginx 极简教程,目的在于帮助新手快速入门 Nginx。
Stars: ✭ 845 (+5181.25%)
Mutual labels:  proxy, nginx
Open Proxy
一键部署被墙网站反向代理; 免翻墙访问被禁网站
Stars: ✭ 274 (+1612.5%)
Mutual labels:  proxy, nginx
Patch
Something could be public patches
Stars: ✭ 120 (+650%)
Mutual labels:  openssl, nginx
Nginx Ee
Automated Nginx compilation from sources with additional modules support. Compatible with WordOps, EasyEngine & Plesk
Stars: ✭ 132 (+725%)
Mutual labels:  openssl, nginx
Ssl Proxy
🔒 Simple zero-config SSL reverse proxy with real autogenerated certificates (LetsEncrypt, self-signed, provided)
Stars: ✭ 427 (+2568.75%)
Mutual labels:  proxy, nginx
Hiproxy
🛠 hiproxy is a lightweight proxy tool for Front-End developers based on Node.js that supports an NGINX-like configuration. 🔥
Stars: ✭ 629 (+3831.25%)
Mutual labels:  proxy, nginx
View All Similar Projects ➔

Keyless solution

The solution of keyless proxy.

The traditional proxy for SSL

SSL is widely used these years to provide secure communication links between clients and servers. Usually, to provide proxy service for these organizations' source servers, the proxy server has to keep the organizations' private keys. When a client is requesting the proxy server, the proxy server uses the private key to initialize a SSL link with the client as if it is the source server.

Since the proxy provider is usually a CDN (Content Delivery Network) company, there will be a security issue when distributing the private keys among the proxy servers.

The keyless proxy

Some organizations demand a higher secure level and won't trust the private keys to others. To provide proxy service to these organizations, CDN companies could use the keyless proxy. These organizations needn't share the private key with CDN companies. Instead, they have to distribute some keyless servers to provide keyless service for the usage of CDN companies.

When a client is requesting a proxy server, the server will try to initialize a SSL link with the client. During the SSL handshaking, some data needs to be processed with the private key. The proxy server will send these data to a keyless server, and the keyless server will use the private key to manipulate the data and respond with the outcome. The proxy server will complete the SSL handshaking with the outcome as if it is the source server.

This project is aimed to provide a demo solution for the keyless proxy, which is well-explained in the technical blog.

Components

To realize keyless proxy, there will be three components needed as follow:

  • Keyless Server, which is used to provide the keyless service. CloudFlare has published the source code of the keyless server in C and Go.
  • Proxy Server, which will request the keyless service and complete the SSL handshaking. Since a lot of companies use Nginx + lua as their business layer, I will modify the Nginx as the proxy server.
  • OpenSSL support, which will break down the SSL handshaking and wait the proxy server for the data processed by private key. To break down the SSL handshaking, OpenSSL needs some modification.

Note

The first version of the project is not finished yet. Since it's a part-time entertainment for me, I couldn't guarantee the develop progress. But I have realized it once before, so it should be soon.

Contact

Feel free to contact me via e-mail if you have any questions.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].