Is it possible to use it as an HTTPs Proxy?

Question

Is it possible to use it as an HTTPs Proxy?

gcavalcante8808 opened this issue 3 years ago · 2 comments

Hi Folks,

I'm evaluating the aws-sigv4-proxy to access some opensearch instances and for that I made the following setup:

docker-compose.yaml

version: '3'

services:
  proxy:
    image: public.ecr.aws/aws-observability/aws-sigv4-proxy:1.2
    environment:
      AWS_ACCESS_KEY_ID:
      AWS_SECRET_ACCESS_KEY:
      AWS_DEFAULT_REGION: us-east-1
      AWS_SESSION_TOKEN:
    command:
      - --host=s3.amazonaws.com
    ports:
      - 8080:8080

After that, I just ran the curl -s -H 'host: s3.amazonaws.com' http://localhost:8080/ and it worked flawlessly! Nice!

But, when I try to use it with awscli for example by setting HTTPS_PROXY variable, the following error occurs:

Based on PR #16, I tried to configure name and host as well, but still I got no luck.

Is there a way to make it work using HTTPS_PROXY env var?

Answer 1 · 2022-03-18T00:17:50.000Z

For some reason if HTTPS_PROXY, then a CONNECT request is made to the sigv4-proxy, which is not meant to be use as a tunnel.

Also I am curious on what's the role of aws-sigv4 proxy if the AWS CLI is used? AWS CLI should already sign the request for you right?

Answer 2 · 2022-07-10T19:19:45.000Z

I'd also like to see this support HTTPS, perhaps via a self-signed certificate a la ssl-proxy. I realize I could chain these together, but it'd be preferable to have only one. In my case, I'm reconfiguring a (non-AWS) API client to send requests to https://127.0.0.1:8080, and it only supports HTTPS.