Cloudron Forum

Please include ability to serve HTTP unencrypted over port 80 for network traffic inspection purposes

Feature Requests
7 Posts 3 Posters 301 Views
  • Mastadamus wrote (#1):

    For those of us who wish to capture our network traffic for inspection, it makes more sense for us to put a LB/reverse proxy in front of our Cloudron and then terminate SSL/TLS at the LB and pass unencrypted to our Cloudron. Obviously, for certain traffic where E2E encryption is preferred we can proxy pass https. It would be nice if we had the ability to maybe select whether or not we want to also serve on port 80.

  • girish (Staff) replied to Mastadamus (#2):

    @Mastadamus Can you also decrypt the traffic if you have the certs (which you can get from /home/yellowtent/platformdata/nginx/cert)? Something like https://support.f5.com/csp/article/K19310681 or https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/

  • Mastadamus replied to girish (#3):

    @girish Yeah, that's what I do for my actual job, but it does introduce a ton of issues. 1. You can decrypt if you are using Diffie-Hellman. As far as I can determine, currently the Cloudron only accepts ECDH algorithms. This would prevent decryption since you can't MITM Diffie-Hellman as far as I know.

  • girish (Staff) replied to Mastadamus (#4):

    @Mastadamus said in Please include ability to serve HTTP unencrypted over port 80 for network traffic inspection purposes:

    You can decrypt if you are using Diffie-Hellman. As far as I can determine currently the cloudron only accepts ECDH algorithms

    Indeed, it cannot be decoded because PFS is a property of ECDH. See also Right, I guess this is because of PFS - https://serverfault.com/questions/869354/decoding-ssl-packets-with-cipher-tls-ecdhe-rsa-in-wireshark

    I think having a way to support reverse proxies in front of cloudron would help the situation. It seems many people are hitting this limitation when they deploy at home.

  • Mastadamus replied to girish (#5):

    @girish do we have a way to do this yet? Support for reverse proxies in front of cloudron?

  • robi replied to Mastadamus (#6):

    @Mastadamus why not do it behind?

    Life of sky tech

  • girish (Staff) replied to Mastadamus (#7):

    @Mastadamus not yet, no. I think it's quite low priority, it needs a lot of testing/changes to support http. Cloudron is designed everywhere to be secure (https) by default, making this complicated.


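Posts #3 and #4 turn on which key exchange a connection negotiates: a capture can be decrypted with the server's private key only under RSA key transport, not under ephemeral (EC)DHE. The following is an added example, not part of the thread or of Cloudron's code, that sorts cipher suite names by the inspection approach they allow; the suite list and function names are constructed for illustration.

```python
# Prefixes for ephemeral key exchange: the certificate key only signs the
# handshake, so holding it does not reveal session keys in a capture.
EPHEMERAL = {"ECDHE", "DHE", "EDH"}
# Prefixes this sketch does not reason about (static, anonymous, PSK, ...).
UNCLASSIFIED = {"DH", "ECDH", "ADH", "AECDH", "PSK", "SRP", "KRB5"}


def key_exchange(suite):
    """Key-exchange family of an IANA or OpenSSL cipher suite name."""
    name = suite.strip().upper()
    if name.startswith("TLS_") and "_WITH_" not in name:
        return "TLS13"  # TLS 1.3 names omit key exchange; it is always (EC)DHE
    if name.startswith("TLS_"):
        tokens = name[4:name.index("_WITH_")].split("_")  # ECDHE, RSA
    else:
        tokens = name.split("-")  # ECDHE, RSA, AES128, GCM, SHA256
    if tokens[0] in EPHEMERAL:
        return "EPHEMERAL"
    if tokens[0] in UNCLASSIFIED or "PSK" in tokens[:2]:
        return "OTHER"
    # IANA "RSA", or an OpenSSL name with no prefix (AES256-SHA): RSA key transport.
    return "RSA"


def inspection_method(suite):
    """How a defender can get plaintext for sessions using this suite."""
    kx = key_exchange(suite)
    if kx == "RSA":
        return "server-private-key"       # passive decryption of a capture
    if kx in ("EPHEMERAL", "TLS13"):
        return "session-secrets-or-proxy"  # endpoint key log, or terminate TLS
    return "unclassified"


def audit(suites):
    """Group suite names by inspection method."""
    groups = {}
    for suite in suites:
        groups.setdefault(inspection_method(suite), []).append(suite)
    return groups


# Constructed sample: suite names as they might appear in ServerHello records.
OBSERVED = ["ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "AES256-SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA", "DHE-RSA-AES256-GCM-SHA384"]

if __name__ == "__main__":
    for method, names in audit(OBSERVED).items():
        print(method, names)
```

A server that negotiates only ECDHE suites, as post #3 reports, lands entirely in the second group, which is why the thread moves on to terminating TLS at a reverse proxy.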