A very basic nginx-based SSL stripper proxy

It is quite hard to use anything on the web with a vintage computer. Be it CSS or Javascript, Netscape 2 or even 4 doesn’t handle the data firehose of 2023. But before realizing it, you would first have to actually connect to a web server; something that is damn-near impossible with the generalization of HTTPS, especially with modern cyphers, TLS1.3 and so on.

So, in order to test Macstodon, the “competition” to my Apple 2 Mastodon client, I had to implement a basic SSL stripper proxy to connect to my instance. I first tried WebOne, but it didn’t play well with Macstodon, giving “remote closed connection while reading data” errors.

So I decided to go the general way with a tool I know quite well, and used Nginx.

This very simple “site” makes it listen on port 8080 and forward anything it receives as plain http to the https upstream:

server {
    listen 8080;

    #Use a variable to be able to have multiple upstreams.
    set $upstream "https://$http_host";
    resolver {{ gateway_ip }};

    location / {
        #Pass request
        proxy_pass $upstream;

        #Fix redirects
        proxy_redirect $upstream http://$http_host;

        #Fix bodies
        sub_filter https:// http://;
    }
}

And that’s all. Don’t forget to change the resolver to your DNS server, reload nginx using nginx -t && nginx -s reload, point your vintage browser HTTP proxy to your proxy host port 8080 and you’re done, Netscape will deliver its promise:

“Access all of the Internet more easily”

Well, you’ll connect, at least.

PS: Of course, please, deploy that as close as possible in the LAN to your target vintage computers, and especially not across the Internet. It is, quite evidently, extremely unsafe to exchange unencrypted data over the internet.