I’m working with a company that has a Zscaler proxy running on localhost. This proxy is poorly configured by an antiquated, slow-moving security team. I am attempting to set up Caddy as a forwarder to help alleviate x509 certificate errors because Zscaler is basically MITM’ing all connections.
Here is my Caddyfile:
```
*
proxy / http://localhost:9000 http://proxy.company.com:80 {
    policy first
    insecure_skip_verify
    transparent
}
errors proxieserrors.log
```
The error log is empty. When I curl http sites the proxy works as intended. When I curl https sites the proxy fails with the following output:
```
curl -Iv https://chrisshort.net
* Rebuilt URL to: https://chrisshort.net/
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 2015 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to chrisshort.net:443
> CONNECT chrisshort.net:443 HTTP/1.1
> Host: chrisshort.net:443
> User-Agent: curl/7.59.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Proxy-Agent: Zscaler/6.0
Proxy-Agent: Zscaler/6.0
< Server: Caddy
Server: Caddy
< Date: Thu, 12 Apr 2018 14:40:48 GMT
Date: Thu, 12 Apr 2018 14:40:48 GMT
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
* Ignoring Transfer-Encoding in CONNECT 200 response
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* CONNECT phase completed!
* CONNECT phase completed!
* Unknown SSL protocol error in connection to chrisshort.net:-9805
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to chrisshort.net:-9805
```
Has anyone even tried to do something like this? What might the issue be here?