This is a proof of concept that shows how to use Nginx to filter HTTP and HTTPS traffic by domain without breaking SSL.
This setup has three main parts:
- Router: Forwards traffic and handles DNS.
- Nginx: Filters traffic based on allowed domains.
- Client: Used for testing.
These parts run in Docker containers.
- Router:
  - Acts as a gateway.
  - Sends HTTP and HTTPS traffic to Nginx.
  - Provides DNS for the client.
- Nginx:
  - Filters HTTP traffic using a list of allowed domains.
  - Filters HTTPS traffic without decrypting it.
- Client:
  - Acts like a computer on the internal network.
  - Uses the router for internet access and DNS.
- Install Docker and Docker Compose on your computer.
- Clone the repo.
- Run this command to start:
  docker-compose up -d
- Get access to the client container:
  docker-compose exec client sh
In the client container, try these tests:
- Check DNS:
  nslookup example.com
- Try an allowed website (HTTP):
  curl -v http://ifconfig.me
- Try an allowed website (HTTPS):
  curl -v https://ifconfig.me
- Try a blocked website (should not work):
  curl -v http://example.com
- Try a blocked HTTPS website (should not work):
  curl -v https://example.com
These websites are allowed:
- ifconfig.me
To change this list, edit the nginx.conf file and restart the containers.
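
One way such an allowlist can be written, as an added example that is not the repository's own nginx.conf: HTTPS is filtered on the server name (SNI) in the TLS ClientHello via `ssl_preread`, and HTTP on the Host header. The resolver address, the local sink port 8443 and the availability of the stream `ssl_preread` module are assumptions.

```nginx
# Added example, not the project's nginx.conf.
# Assumes nginx with the stream and stream_ssl_preread modules, and a router
# that redirects client traffic on ports 80 and 443 to this instance.
events {}

stream {
    # Assumed resolver: Docker's embedded DNS.
    resolver 127.0.0.11 valid=30s;

    # Pick the upstream from the SNI. TLS is never terminated here, so the
    # client still validates the real server certificate end to end.
    # Unknown names and connections with no SNI fall through to the sink.
    map $ssl_preread_server_name $https_upstream {
        ifconfig.me  ifconfig.me:443;
        default      127.0.0.1:8443;
    }

    server {
        listen 443;
        ssl_preread on;
        # The destination is resolved from the allowed name by nginx, not
        # taken from the address the client originally dialled.
        proxy_pass $https_upstream;
    }

    # Sink for everything not on the list: close without sending data.
    server {
        listen 127.0.0.1:8443;
        return "";
    }
}

http {
    resolver 127.0.0.11 valid=30s;

    # Same allowlist, keyed on the Host header for plain HTTP.
    map $host $allowed {
        ifconfig.me  1;
        default      0;
    }

    server {
        listen 80 default_server;
        location / {
            if ($allowed = 0) { return 403; }
            proxy_set_header Host $host;
            proxy_pass http://$host;
        }
    }
}
```

With a configuration like this, the blocked HTTPS test fails during the TLS handshake because the connection is closed before any certificate is presented, while the blocked HTTP test receives a 403.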