Comment by p0w3n3d
2 hours ago
I wonder how did you overcome https. As I understand the request that goes to rerouted Imgur proxy will have different cert.
2 hours ago
I wonder how did you overcome https. As I understand the request that goes to rerouted Imgur proxy will have different cert.
AIUI, nginx doesn't terminate the SSL/TLS connection - it is just passed through as is. `ssl_preread on` extracts the server name from the Server Name Indication (SNI) send as part of the TLS handshake, which is unencrypted.
I just set up a similar system (Debian LXC permanently connected to a VPN, nginx proxying imgur.com and all its subdomains with the rest being dropped), and it works quite well. Setting DNS records for imgur.com and {api,i,s}.imgur.com seems to be sufficient to get the site and inline images working (not 100% if all are needed - I haven't fully tested it yet).
Presumably TLS still only happens at the browser and at the Imgur origin server. Everything in between just routes the request without being able to read any of the encrypted stuff. This is no different than using your browser while your computer is connected to the web via a VPN, except that in this case only a small subset of requests go through the VPN.