Skip to content

docs: update config #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JordiSubira merged 1 commit into from
May 20, 2025
Merged

docs: update config #18

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 21 additions & 2 deletions docs/source/forward-proxy.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,16 +207,35 @@ If you do not want to grant those privileges, you can run the binary without the

127.0.0.1 forward-proxy.scion

The primary option for connecting to the SCION HTTP Forward Proxy is over HTTPS.
Most browsers or HTTPS clients will not trust the self-signed certificate used by the SCION HTTP Forward Proxy by default. To avoid certificate warnings, the user must either:
- Import the root certificate use into the browser trust store. If the user has followed the installation examples in the `examples <https://github.com/scionproto-contrib/http-proxy/tree/main/_examples>`__ folder, the root certificate can be found in the ``/usr/share/scion/caddy-scion`` directory.
For MacOS, the root certificate can be found in the ``/usr/local/scion/caddy-scion`` directory. Please, use the Keychain Access application to import the root certificate.
- Disable certificate verification in the browser or client, e.g.:
- Run chrome with, ``chrome --ignore-certificate-errors``
- Use the ``--insecure`` and ``--proxy-insecure`` flag with curl, e.g.:
- Use the ``--proxy-insecure`` flag with curl, e.g.:

.. code-block:: bash

curl --insecure --proxy-insecure -x http://forward-proxy.scion:8080 https://www.example.org
curl --proxy-insecure -x https://forward-proxy.scion:9443 https://www.example.org

Alternatively, you can enable plain HTTP support for the SCION HTTP Forward Proxy by adding the following lines to the JSON configuration file:

.. code-block:: json

"apps": {
"http": {
"http_port": 9080,
"https_port": 9443,
"servers": {
"forward": {
"logs": {},
"metrics": {},
"listen": [
":9080",
":9443"
],
...

Running the SCION HTTP Forward Proxy as in-network service
----------------------------------------------------------
Expand Down