angry-caching-proxy

SSL Support

Open rohit-saharan opened this issue 10 years ago • 4 comments

What do we need to do to actually implement SSL support?

rohit-saharan avatar Jul 02 '14 09:07 rohit-saharan

I think that angry-caching-proxy could serve with SSL, and the users would have to set the npm param strict-ssl to false

g13013 avatar Aug 14 '14 11:08 g13013

Yeah, I think SSL support would be awesome. I've got some gems that need to be installed over SSL and I can't use this to cache gems without SSL support. :crying_cat_face:

adamenger avatar May 13 '15 22:05 adamenger

What could be done is to have the client point to the HTTP proxy, and have Angry Caching rewrite the URLs to their HTTPS versions. Assuming you trust your cache instance, you would at least get HTTPS from the cache to the package managers with strict host checking.

hashar avatar Sep 14 '15 20:09 hashar

To elaborate on my previous comment, there are two ways this can be dealt with:

Man in the middle

The package managers use their default index URLs, which nowadays are HTTPS for at least pip, npm and gem. Point them to Angry Caching with the https_proxy environment variable.

When the cache receives the SSL connection, it uses a custom certificate which would need to be trusted on the client side. It then emits another connection to the upstream package manager over HTTPS, grabs and caches the material, then emits it back to the client.

That is not so great since you have to deploy a custom SSL cert on all your hosts, and I am not entirely sure all package managers support using a different cert. Maybe they at least look for trusted certs somewhere under /etc/ssl/cert

URL rewriting

The package managers would be pointed to the HTTP index as is currently described in the README file. Then angry caching could rewrite the client request URL to use HTTPS instead. So for npm:

 http_proxy=http://localhost:8080 npm install --registry http://registry.npmjs.org/

And the proxy would rewrite the request:

- http://registry.npmjs.org/
+ https://registry.npmjs.org/
      ^

hashar avatar Oct 15 '15 08:10 hashar
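
The URL rewriting approach from the comment above, sketched as an added example (not part of the thread and not angry-caching-proxy code). The function names and the host allowlist are hypothetical, and the gem and pip index hosts are assumptions. The client-to-cache leg stays plain HTTP, so only the cache-to-upstream leg is protected.

```javascript
// Added example; UPSTREAM_HTTPS_HOSTS and both function names are hypothetical.
const UPSTREAM_HTTPS_HOSTS = new Set([
  'registry.npmjs.org', // from the npm example in the thread
  'rubygems.org',       // assumed gem index host
  'pypi.org',           // assumed pip index host
]);

// Takes the absolute-form URL a client sends to an HTTP proxy
// ("GET http://registry.npmjs.org/pkg HTTP/1.1") and returns the HTTPS URL
// the cache should fetch, or null when the request must not be upgraded.
function rewriteToHttps(requestUrl, allowed = UPSTREAM_HTTPS_HOSTS) {
  let url;
  try {
    url = new URL(requestUrl);
  } catch (err) {
    return null; // origin-form ("/pkg") or garbage: not a proxy request
  }
  if (url.protocol !== 'http:') return null;     // only plain HTTP is rewritten
  if (url.username || url.password) return null; // never forward embedded credentials
  if (url.port !== '') return null;              // non-default port: 443 is not implied
  if (!allowed.has(url.hostname)) return null;   // unknown host: do not guess
  url.protocol = 'https:';
  return url.href;
}

// Options for https.request() on the cache-to-upstream leg. Certificate chain
// and hostname are both verified: the "strict host checking" mentioned above.
function upstreamRequestOptions(httpsUrl) {
  const url = new URL(httpsUrl);
  return {
    method: 'GET',
    host: url.hostname,
    port: 443,
    path: url.pathname + url.search,
    servername: url.hostname, // SNI, and the name matched against the certificate
    rejectUnauthorized: true, // fail closed on an untrusted or mismatched cert
  };
}

// Constructed sample requests.
for (const u of ['http://registry.npmjs.org/express', 'http://example.invalid/x']) {
  console.log(u, '->', rewriteToHttps(u));
}
```

Requests that return null should be refused or passed through unchanged by policy, never silently retried over HTTP as if they had been upgraded.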