Comment by masspro - Hacker Neue

masspro Oct 4, 2024 parent

Probably not, but mitmproxy is not a reverse proxy for any production purpose. It’s for running on your local machine and doing testing of either low-level protocol or web security stuff.

codetrotter Oct 5, 2024

> mitmproxy is not a reverse proxy for any production purpose

At a startup I was working on a few years ago, I set up mitmproxy in dev and eventually if memory serves right I also sometimes enabled it in prod to debug things.

That being said, we did not have a lot of users. We had in fact very very few users at the time.

hedora Oct 5, 2024

I’ve been patiently waiting for someone to write a howto that uses mitmproxy to transparently obtain acme certificates for any web servers that are behind it.

I’d totally pay a cloud provider to just do this and forward requests to my port 80 or 443 with self signed certificates.

Https+acme is already open to this attack vector, so why inconvenience myself by pretending it is not?

codetrotter Oct 7, 2024

In our setup, TLS was already being terminated by Nginx or Caddy (I don’t remember which, but it was one of those two) sitting in front of another web server on the same host.

So inserting mitmproxy into the setup was just a case of putting it between the Nginx or Caddy that did TLS termination, and the web server that served the backend API. So to mitmproxy it was all plain HTTP traffic passing through it, locally on the same machine.

I bound the mitmweb web UI to the VPN interface so that us devs could connect to the dev server with VPN and then have access to the mitmweb web UI to inspect requests and responses.

dandandan Oct 5, 2024

ngrok can do that

https://ngrok.com/docs/network-edge/domains-and-tcp-addresse... https://ngrok.com/docs/network-edge/tls-certificates/#automa...

This item has no comments currently.