yggdrasil-network / yggstack

Yggdrasil + Netstack (instead of TUN)

Automatically provide HTTPS for HTTP content from Ygg-IPs? #7

Open perguth opened 2 months ago

perguth commented 2 months ago

Idea:

Automatically provide HTTPS for HTTP content from Ygg-IPs:

  1. Generate and provide a root-certificate and add it to the system.
  2. Automatically forward URLs of the form "http://Ygg-IP" to https.
  3. Transparently create a certificate for "https://Ygg-IPs" as soon as they are queried through the proxy.

HTTP-Server -> Yggdrasil -> Yggstack (Yggdrasil -> Proxy -> HTTPS) -> Client

Why?

🡆 If Yggstack installs a root certificate and then generates certificates for Ygg-IPs and HTTPS-wraps the HTTP traffic, we would achieve "valid" certificates for Ygg-IPs automatically.

HTTPS is needed for a secure context which is a Window or Worker for which certain minimum standards of authentication and confidentiality are met. Many Web APIs and features are accessible only in a secure context. Eg.:

basilgello commented 2 months ago

Not sure if I understand your intention fully here. Can you please expand a bit on your setup / use case? Yggstack provides a SOCKS5 server and it is up to the HTTP client to request HTTPS or HTTP.

basilgello commented 2 months ago

yggstack (and yggdrasil in general) operate at the tunnel level. You are mixing the L7 (application) OSI layer, where HTTP/S resides, with the L3 (network) layer, where Ygg operates. What you most likely want is to forward port 443 to yggstack: --exposetcp 443:127.0.0.1:443

perguth commented 2 months ago

Ah, no, my idea is not to expose the host machine. My focus is on web browsing (using Yggstack purely as a SOCKS proxy).
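
Steps 1 and 3 of the opening post, as an added example that is not part of the thread and is not yggstack code: a system-trusted root can vouch for any site, so this sketch issues the root with critical name constraints and checks that only leaves for Yggdrasil addresses verify. It assumes Yggdrasil's 200::/7 range; `NewRoot`, `CheckLeaf`, `sign` and `must` are hypothetical names and both test addresses are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// must panics on setup errors to keep this example short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// sign makes a P-256 key and a one-hour certificate from tmpl, self-signed when parent is nil.
func sign(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, signer = tmpl, key
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}
// NewRoot returns a root whose critical name constraints permit IP SANs only inside 200::/7 (assumed Ygg range).
func NewRoot() (*x509.Certificate, *ecdsa.PrivateKey) {
	return sign(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example local root"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, PermittedDNSDomainsCritical: true,
		PermittedIPRanges: []*net.IPNet{{IP: net.ParseIP("200::"), Mask: net.CIDRMask(7, 128)}}}, nil, nil)
}
// CheckLeaf issues a server certificate for ip and verifies it as a client trusting only root would.
func CheckLeaf(root *x509.Certificate, rootKey *ecdsa.PrivateKey, ip string) error {
	leaf, _ := sign(&x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IPAddresses: []net.IP{net.ParseIP(ip)},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, root, rootKey)
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: ip}) // an IP literal is matched against IP SANs
	return err
}
func main() {
	root, key := NewRoot()
	println(CheckLeaf(root, key, "201:5a3c::1") == nil, CheckLeaf(root, key, "fd00::1") == nil) // constructed addresses
}
```

The constraint covers IP SANs only, so DNS names are not restricted by it, and it protects only clients that enforce name constraints during verification.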