Handling mangled server names

Lo,

At work, we have a perfectly functioning proxy server, which I don’t
trust. :-/ So I wanted to use my home infrastructure in a transparent
way (e.g., no SSH port forwarding) to allow me just to use my browser to
get http pages via https. Sort of a chained proxy.

I came up with the following, working, configuration:

server {
listen 999 ssl;
server_name ~^(?<mangled>.+)\.ubergurus\.eu$;

set $website $mangled;
if ($website ~* (.*)_(.*)) { set $website $1.$2; }
if ($website ~* (.*)_(.*)) { set $website $1.$2; }
if ($website ~* (.*)_(.*)) { set $website $1.$2; }
if ($website ~* (.*)_(.*)) { set $website $1.$2; }
if ($website ~* (.*)_(.*)) { set $website $1.$2; }
if ($website ~* (.*)_(.*)) { set $website $1.$2; }
if ($website ~* (.*)_(.*)) { set $website $1.$2; }
if ($website ~* (.*)_(.*)) { set $website $1.$2; }
if ($website ~* (.*)_(.*)) { set $website $1.$2; }
if ($website ~* (.*)_(.*)) { set $website $1.$2; }

ssl_certificate /opt/etc/nginx/ssl_ubergurus.eu/wildcard.ubergurus.eu.crt;
ssl_certificate_key /opt/etc/nginx/ssl_ubergurus.eu/wildcard.ubergurus.eu.key;
ssl_crl /opt/etc/nginx/ssl_ubergurus.eu/crl.pem;
ssl_client_certificate /opt/etc/nginx/ssl_ubergurus.eu/ca.crt;
ssl_verify_client on;

location / {
  proxy_set_header  Host  $website;
  rewrite      ^(.*)$  $website$request_uri  break;
  proxy_pass    http://$website;
}

}

At home, 443 forwards to 999.

At work, I’m now able to get e.g. https://www_ns_nl.ubergurus.eu/ which
results, after two-sided SSL being set up, in a http://www.ns.nl get at
home, and tunneling the result back to work. Of course still the URL
shows up in the work’s proxy log, but no content. The server certificate
is a self-signed wildcard certificate for *.ubergurus.eu, so any mangled
site would work, as long as it doesn’t contain the ‘dot’-char.

A few questions came up during this invention:

Or am I just being crazy here… :wink:

Tnx,
Marc.

PS: Great piece of software, nginx!
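
The underscore-to-dot mapping from the configuration above, modelled in Python as an added example (not part of the original post and not nginx code). The function name, the refusal of dots in the mangled part and the RFC 1123 label check are assumptions added here; the ten-pass limit mirrors the ten repeated `if` lines.

```python
import re

SUFFIX = ".ubergurus.eu"  # proxy domain used in the post
MAX_PASSES = 10           # the config repeats the `if` line ten times

# Same pattern as `if ($website ~* (.*)_(.*))`. The first group is greedy,
# so each pass turns the LAST remaining underscore into a dot.
_UNDERSCORE = re.compile(r"(.*)_(.*)", re.IGNORECASE)

# The mangled part must be a single label: a wildcard certificate for
# *.ubergurus.eu does not cover names with further dots (assumed check).
_SERVER_NAME = re.compile(r"(?P<mangled>[^.]+)" + re.escape(SUFFIX),
                          re.IGNORECASE)

# RFC 1123 host label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)", re.IGNORECASE)


def demangle(host_header):
    """Return the upstream host for a mangled server name, or None to reject."""
    match = _SERVER_NAME.fullmatch(host_header)
    if match is None:
        return None
    website = match.group("mangled")
    for _ in range(MAX_PASSES):
        hit = _UNDERSCORE.fullmatch(website)
        if hit is None:
            break
        website = hit.group(1) + "." + hit.group(2)
    # With more than ten underscores one is still left after the loop, and a
    # double underscore yields an empty label. Neither is a valid hostname,
    # so reject the name rather than hand it to proxy_pass.
    if not all(_LABEL.fullmatch(label) for label in website.split(".")):
        return None
    return website.lower()


if __name__ == "__main__":
    # Constructed sample names, not taken from any log.
    for name in ("www_ns_nl.ubergurus.eu",
                 "a_b_c_d_e_f_g_h_i_j_k_l.ubergurus.eu",
                 "www__ns_nl.ubergurus.eu"):
        print(name, "->", demangle(name))
```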

You could use the nginx substitutions module maybe, else forward to PHP and
DOM-parse and replace all script src, a href, etc.