Outbound Web Proxy for old Insecure Web Clients?

We have an old PHP (5.1.6) application running on old Linux. We’d like to modify the application to make https requests to external servers. In doing so it would essentially act as a web client or web browser.

But our requests fail because our App & OS do support secure versions of SSL/TLS, and are rejected by the external server. Can we use Cloudflare as an outbound web proxy, and run our https requests through it?

Disclaimer: I don’t really know PHP. But I’ve recently had to get an old PHP 5.x app running.

No, you can’t forward-proxy through Cloudflare like that.

If your app uses PHP 5.1, it will probably run under PHP 5.6. PHP 5.6 supports TLS 1.2. You can run this on a new Linux by giving it PHP 5.6 in a Docker container. To make this work you need a slight tweak to update the certificates. This Dockerfile works for me:

FROM php:5.6-fpm

ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/

RUN chmod +x /usr/local/bin/install-php-extensions && \
    install-php-extensions @fix_letsencrypt mysqli mysql

With the container’s FPM listening on local port 9005, and the app code mounted in the container according to the instructions, I then set up the Apache virtual host to use it for PHP:

ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9005/var/www/html/$1

I hope this gets you started in the right direction. Since this is completely out of scope for Cloudflare, and I’m no PHP expert, if you need more help with it I would suggest going to a PHP forum.

And honestly, if you’re going in and updating the app anyway, it would be way better to update it to run on current PHP.

2 Likes
Hello i4owest,
Thanks for the info!

I have about zero experience with docker, but it does seem like an avenue worth pursuing.

One possible roadblock is that our application uses a dedicated A/V transcoder card to decompress/compress audio data, taking load off the main CPU. Is it possible to give a docker container access to a separate hardware device like that?

In any case, thanks for the info re Cloudflare's capabilities.



This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.