You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/source/forward-proxy.rst
+10-3Lines changed: 10 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -42,6 +42,8 @@ Then, you can follow the steps below to install the plugin:
42
42
43
43
- Ensure that you are running the scion-endhost stack as described in the `SCION documentation <https://docs.scion.org/projects/scion-applications/en/latest/applications/access.html>`_.
44
44
45
+
- Apply the necessary permissions to the binary:
46
+
45
47
.. code-block:: bash
46
48
47
49
chmod +x scion-caddy
@@ -61,7 +63,6 @@ Then, you can follow the steps below to install the plugin:
61
63
sudo mkdir -p /usr/share/scion/caddy-scion
62
64
sudo chown -R $USER:$USER /usr/share/scion
63
65
64
-
- Apply the necessary permissions to the binary:
65
66
66
67
- Optionally you can create a systemd service and enable it. You can use the example service file ``scion-caddy.service`` in the `examples <https://github.com/scionproto-contrib/caddy-scion/tree/main/_examples>`__.
67
68
@@ -180,8 +181,14 @@ Add the following line on ``/etc/hosts`` before running the SCION HTTP Forward P
180
181
The primary option for connecting to the SCION HTTP Forward Proxy is over HTTPS.
181
182
Most browsers or HTTPS clients will not trust the self-signed certificate used by the SCION HTTP Forward Proxy by default. To avoid certificate warnings, the user must either:
182
183
183
-
- Import the root certificate use into the browser trust store. If the user has followed the installation examples in the `examples <https://github.com/scionproto-contrib/caddy-scion/tree/main/_examples>`__ folder, the root certificate can be found in the ``/usr/share/scion/caddy-scion`` directory.
184
-
For MacOS, the root certificate can be found in the ``/usr/local/scion/caddy-scion`` directory. Please, use the Keychain Access application to import the root certificate.
184
+
- Import the root certificate used into the browser trust store.
185
+
If the user has followed the installation examples in the `examples <https://github.com/scionproto-contrib/caddy-scion/tree/main/_examples>`__ folder, the root certificate can be found in the ``/usr/share/scion/caddy-scion/pki/authorities/local/root.crt`` directory.
186
+
187
+
For Linux and Windows, you can import the root certificate into the system trust store. The chromium-based browsers require the root certificate to be imported into the browser trust store as well.
188
+
189
+
- Go to `chrome://certificate-manager/` -> "Installed by you" -> "Import" -> select the `root.crt` retrieved previously.
190
+
191
+
For MacOS, use the Keychain Access application to import the root certificate.
185
192
- Disable certificate verification in the browser or client, e.g.:
186
193
- Run chrome with, ``chrome --ignore-certificate-errors``
187
194
- Use the ``--proxy-insecure`` flag with curl, e.g.:
0 commit comments