From fa3e675657f7d5281085f99989d7e0ff3cd1a126 Mon Sep 17 00:00:00 2001
From: Houssem Dellai
Date: Thu, 21 Mar 2024 12:03:19 +0100
Subject: [PATCH] working
---
_egress_proxy/aci-mitmproxy.tf | 6 ++-
_egress_proxy/aks-proxy-config.json | 3 +-
_egress_proxy/aks.tf | 10 ++--
_egress_proxy/certificate/cert.crt | 21 --------
_egress_proxy/certificate/cert.pem | 49 -------------------
_egress_proxy/certificate/generate-cert.sh | 10 ++--
.../certificate/mitmproxy-ca-cert (17).pem | 21 --------
_egress_proxy/install-mitmproxy.sh | 30 +++---------
_egress_proxy/variables.tf | 2 +-
_egress_proxy/vm-linux-proxy-mitm.tf | 2 +-
10 files changed, 26 insertions(+), 128 deletions(-)
delete mode 100644 _egress_proxy/certificate/cert.crt
delete mode 100644 _egress_proxy/certificate/cert.pem
delete mode 100644 _egress_proxy/certificate/mitmproxy-ca-cert (17).pem
diff --git a/_egress_proxy/aci-mitmproxy.tf b/_egress_proxy/aci-mitmproxy.tf
index 5798cf4..181a579 100644
--- a/_egress_proxy/aci-mitmproxy.tf
+++ b/_egress_proxy/aci-mitmproxy.tf
@@ -14,7 +14,9 @@ resource "azurerm_container_group" "aci-mitmproxy" { commands = [ "/bin/bash", "-c", - "mitmweb --listen-port 8080 --web-host 0.0.0.0 --web-port 8081 --set block_global=false" + "apt update -y; apt install wget -y; wget 'https://raw.githubusercontent.com/HoussemDellai/docker-kubernetes-course/main/_egress_proxy/certificate/mitmproxy-ca-cert.pem'; wget 'https://raw.githubusercontent.com/HoussemDellai/docker-kubernetes-course/main/_egress_proxy/certificate/mitmproxy-ca.pem'; wget 'https://raw.githubusercontent.com/HoussemDellai/docker-kubernetes-course/main/_egress_proxy/certificate/mitmproxy-ca-cert.p12'; mitmweb --listen-port 8080 --web-host 0.0.0.0 --web-port 8081 --set block_global=false --certs *=./mitmproxy-ca.pem --set confdir=./", +# EOF + # "mitmweb --listen-port 8080 --web-host 0.0.0.0 --web-port 8081 --set block_global=false" # "apt update -y; apt install wget -y; wget 'https://raw.githubusercontent.com/HoussemDellai/docker-kubernetes-course/main/_egress_proxy/certificate/cert.pem'; mitmweb --listen-port 8080 --web-host 0.0.0.0 --web-port 8081 --set block_global=false --certs *=cert.pem" ] @@ -50,6 +52,6 @@ resource "azurerm_container_group" "aci-mitmproxy" { # } # } -output "aci-mitmproxy-public_ip" { +output "aci_mitmproxy_public_ip" { value = azurerm_container_group.aci-mitmproxy.ip_address } diff --git a/_egress_proxy/aks-proxy-config.json b/_egress_proxy/aks-proxy-config.json index 0b04c2f..586eefe 100644 --- a/_egress_proxy/aks-proxy-config.json +++ b/_egress_proxy/aks-proxy-config.json @@ -4,7 +4,8 @@ "noProxy": [ "localhost", "127.0.0.1", - "docker.io" + "docker.io", + "docker.com" ], "trustedCA": "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" } \ No newline at end of file diff --git a/_egress_proxy/aks.tf b/_egress_proxy/aks.tf index 7280bbd..6be9128 100644 --- a/_egress_proxy/aks.tf +++ b/_egress_proxy/aks.tf 
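Review bot: The new `commands` entry in the first hunk downloads `mitmproxy-ca.pem` from a public raw.githubusercontent.com URL, and generate-cert.sh builds that file as `cert.key` concatenated with the certificate, so the CA private key is readable by anyone. Every client that trusts this CA (the AKS `trusted_ca` value appears to carry its certificate) would then accept certificates issued by a third party holding that key. Generate the key per deployment and hand it to the container through a secret volume or `secure_environment_variables` instead of fetching it at start-up; install-mitmproxy.sh downloads the same files and needs the same change. The files are also pulled from the mutable `main` branch with no digest check, and `--web-host 0.0.0.0 --web-port 8081` together with `block_global=false` and no `--proxyauth` leaves both the mitmweb UI and the proxy open to any address that can route to the container group, so restrict them to the cluster subnet. The resource block starts and ends outside the hunk.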
@@ -1,9 +1,9 @@ resource "azurerm_kubernetes_cluster" "aks" { - name = "aks-cluster129" + name = "aks-cluster" location = azurerm_resource_group.rg.location resource_group_name = azurerm_resource_group.rg.name dns_prefix = "aks" - kubernetes_version = "1.28.5" # "1.29.0" + kubernetes_version = "1.29.0" network_profile { network_plugin = "azure" # "kubenet" @@ -25,9 +25,9 @@ resource "azurerm_kubernetes_cluster" "aks" { } http_proxy_config { - http_proxy = "http://${azurerm_public_ip.pip-vm-proxy.ip_address}:8080/" # "http://${azurerm_network_interface.nic-vm-proxy.private_ip_address}:8080/" # "http://${azurerm_public_ip.pip-vm-proxy.ip_address}:8080/" # "http://${azurerm_container_group.aci-mitmproxy.ip_address}:8080/" # "http://20.76.37.30:8080/" - https_proxy = "https://${azurerm_public_ip.pip-vm-proxy.ip_address}:8080/" # "https://${azurerm_network_interface.nic-vm-proxy.private_ip_address}:8080/" # "http://20.76.37.30:8080/" - no_proxy = ["localhost", "127.0.0.1", "docker.io"] #, azurerm_subnet.snet-aks.address_prefixes[0]] + http_proxy = "http://${azurerm_container_group.aci-mitmproxy.ip_address}:8080/" # "http://${azurerm_network_interface.nic-vm-proxy.private_ip_address}:8080/" # "http://${azurerm_public_ip.pip-vm-proxy.ip_address}:8080/" # "http://${azurerm_container_group.aci-mitmproxy.ip_address}:8080/" # "http://20.76.37.30:8080/" + https_proxy = "http://${azurerm_container_group.aci-mitmproxy.ip_address}:8080/" # "https://${azurerm_network_interface.nic-vm-proxy.private_ip_address}:8080/" # "https://${azurerm_public_ip.pip-vm-proxy.ip_address}:8080/" # "http://20.76.37.30:8080/" + no_proxy = ["localhost", "127.0.0.1", "docker.io", "docker.com"] #, azurerm_subnet.snet-aks.address_prefixes[0]] trusted_ca = "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" } diff --git a/_egress_proxy/certificate/cert.crt b/_egress_proxy/certificate/cert.crt deleted file mode 100644 index d60e21c..0000000 --- a/_egress_proxy/certificate/cert.crt +++ /dev/null 
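Review bot: In the `http_proxy_config` hunk both `http_proxy` and `https_proxy` now point at `azurerm_container_group.aci-mitmproxy.ip_address` over plain `http://`, and the output in aci-mitmproxy.tf names that address a public IP, so node egress would presumably cross the internet unencrypted to reach the proxy. If the container group can be placed in the cluster's virtual network, reference its private address instead and limit port 8080 to the AKS subnet. Adding `docker.com` to `no_proxy` widens the set of destinations that skip inspection, so document each exemption with a comment such as `# docker.io and docker.com bypass the proxy because <reason>`. The trailing chains of commented-out alternative values on the `http_proxy` and `https_proxy` lines are worth deleting now that one value is chosen.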
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIUIM9f8GhRpKGWFRIu0+iSaSxxMaEwDQYJKoZIhvcNAQEL -BQAwUTELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEKMAgGA1UEAwwBKjAeFw0yNDAzMTYw -ODM4MDhaFw0yNDA0MTUwODM4MDhaMFExCzAJBgNVBAYTAkZSMRMwEQYDVQQIDApT -b21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCjAI -BgNVBAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ5lRw/dUe -Bl5qcK6RQE+3Tpu5ymh1d5CGDpbKvD6tv50F79cBnP2X82xiRVSdvMrXdLx1bdzN -1Pgn68qYhHuR9+zMWT7eYQKLf/EbofIA3mhaKLlUqgN3HE3Z054EGdCDkNPwst2P -zrGA3wUx2rbHWG4ip/R7S/7HHjkGuhxAqXdGT3PYvpo+8zDeUy7UELVax9U/suAN -hN2KpylTe8KBcU6sErScR7qaO1/7IbeEEohAxinRyHT3hrPfV7ZKcGD75kYRBrEC -YGU/m7mK2x2pzN36jZwMvrLVgwdBAbxzSJLEJDvbUAZfYjX7cl6H3j/z3amlMWLn -oScAy+dU0EVDAgMBAAGjUzBRMB0GA1UdDgQWBBSuceAYt64OzZMWQzwCpoeeoDy8 -UDAfBgNVHSMEGDAWgBSuceAYt64OzZMWQzwCpoeeoDy8UDAPBgNVHRMBAf8EBTAD -AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCSx3eA0RZ/RtJpxY2Rlawu6ov3KxqJqDK5 -8KLYGqa/HiwQECky47Y8zJg+XgzZm6eNGI2s0IU7HqIKvagzOE8zQBXx3W+Nh17V -xgwCVQpfy8CmLCItsPOr+j7vuxNKvtnkmpdgS8xBvzY4mSVuI+G76OnQatiLVbNz -XTZgVrTCEe7wDCBeZmVw8HExjODoWOX9EzZWd5YJ6iw2kJoIrmoNf/Ka+SoVdyjZ -zyBbqkJFzLG2p5VPQTeBMWjSFMLkXuoLNE9bfxFpZOyEbcNSMLcOus2HbHcdtfAV -uCAT3G99tnQkS2+Py2DcJltEcpvSCKv1btGk6jE7xUn22+EIaEac ------END CERTIFICATE----- diff --git a/_egress_proxy/certificate/cert.pem b/_egress_proxy/certificate/cert.pem deleted file mode 100644 index 0a97dbb..0000000 --- a/_egress_proxy/certificate/cert.pem +++ /dev/null 
@@ -1,49 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCZ5lRw/dUeBl5q -cK6RQE+3Tpu5ymh1d5CGDpbKvD6tv50F79cBnP2X82xiRVSdvMrXdLx1bdzN1Pgn -68qYhHuR9+zMWT7eYQKLf/EbofIA3mhaKLlUqgN3HE3Z054EGdCDkNPwst2PzrGA -3wUx2rbHWG4ip/R7S/7HHjkGuhxAqXdGT3PYvpo+8zDeUy7UELVax9U/suANhN2K -pylTe8KBcU6sErScR7qaO1/7IbeEEohAxinRyHT3hrPfV7ZKcGD75kYRBrECYGU/ -m7mK2x2pzN36jZwMvrLVgwdBAbxzSJLEJDvbUAZfYjX7cl6H3j/z3amlMWLnoScA -y+dU0EVDAgMBAAECggEABeWgS/UpmUdhA1HRd0sqX+JgY+lzTCCb5j/VZ4MbOHSV -9OJe9bD0u1j7d16vE/pmCMqHrEzz1CnI07muCtNSMS4chM4uRJuo/fCtK8nLa0Wm -Bz8YxccWTOejAu9xhNtAusKQ5poYTrnjbaj7GstLo0XNWRg9hJc2DSniqgxSp+fv -8XXBR5QYicyuRb2Aekp0b4LHISoHQmP33JNlCWfZnr0T9M8wZQuLla1p1aMmjlMa -4TdvIXLA6tDilySkQAbeXJ2sRk3gdujajsNIh1BQRKYdnd690ST7/I8LVKLQnb5F -TN2Bu7oGp2vEUYrpvX+r0vcYbCeyHClVxBSDUFCOkQKBgQC/n8nbtuQtbyUjFkDH -Golk92tyFqTCH/ccUWbAlbHfCVoYuAV20hLGB9BTKcXaHNUr07aWgYzFIDG2FAMh -OEp7S2dbg0/Bz6TK4SvoeJp994NsiRIZAfqaoRme6uDx3FtKCJ/bcgszMvRm/YS/ -ROE+Y3Sdt2Z7lvgi5reI6P9giQKBgQDNmiJMrZ4Gc7ojvW/nF60WyLMFVNjgoqqi -hSVeXQloBQ3v6SW+JC7nfbulFtcAuFtZTD/L8QBdUdLxiiCf+cMVRpTmpRv06Qgr -wvqk3mEHbtW/JQZmnH34tEryZFktgtPgiCXQP3DTbw6z6tmvt1HyvGJct5e4HGtk -xHIp3QiMawKBgHuvKn6LvRnqXIEaMvOQmFA4NvzryqqWMUzw6a6ysJ1yjtnXpYc9 -LurtTjTviIoxBBMG0xqwQelWz19j6WU+zSxpzivOROOnIAnnbwzdE3LtGMIscyb7 -FQNLqprdphXWkoHlsTDWmo4QfJohVtaSIgS/8xx9rUNmfYEhhCN1qKhpAoGBAKvr -BmM3ibu7aRoZfUiu83zptUfv+qlbW3MqAmU1RnhEQbMqMPUdLFtFN3KD9qQTg87X -g0D09GkT0l9GMKGUJxvTOQ7jYM0ZTkvJbewORvQAKZr7Sq7ijDM6DrFAV5FGpARL -09KeOamSY6jt57iWgV+HRnhgy+yXVvWbjhqTSGKhAoGABwdaTlpqFs0CGZCO1eXe -vWscndm0EUZi/+HyW4vFmtiwLyk2aXdRYSGUkzrJUbNvmS/S0anc1ghNFhMFnBfe -7opDBDp64V4sUHBOIGpQ9ZeqfzhZ8KxRWnM7TK9SZCBCuxf6h8rUbev8YyXsnS7F -5T4kFgHZvHVVmTIbXQHGYx4= ------END PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIUIM9f8GhRpKGWFRIu0+iSaSxxMaEwDQYJKoZIhvcNAQEL -BQAwUTELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEKMAgGA1UEAwwBKjAeFw0yNDAzMTYw 
-ODM4MDhaFw0yNDA0MTUwODM4MDhaMFExCzAJBgNVBAYTAkZSMRMwEQYDVQQIDApT -b21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCjAI -BgNVBAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ5lRw/dUe -Bl5qcK6RQE+3Tpu5ymh1d5CGDpbKvD6tv50F79cBnP2X82xiRVSdvMrXdLx1bdzN -1Pgn68qYhHuR9+zMWT7eYQKLf/EbofIA3mhaKLlUqgN3HE3Z054EGdCDkNPwst2P -zrGA3wUx2rbHWG4ip/R7S/7HHjkGuhxAqXdGT3PYvpo+8zDeUy7UELVax9U/suAN -hN2KpylTe8KBcU6sErScR7qaO1/7IbeEEohAxinRyHT3hrPfV7ZKcGD75kYRBrEC -YGU/m7mK2x2pzN36jZwMvrLVgwdBAbxzSJLEJDvbUAZfYjX7cl6H3j/z3amlMWLn -oScAy+dU0EVDAgMBAAGjUzBRMB0GA1UdDgQWBBSuceAYt64OzZMWQzwCpoeeoDy8 -UDAfBgNVHSMEGDAWgBSuceAYt64OzZMWQzwCpoeeoDy8UDAPBgNVHRMBAf8EBTAD -AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCSx3eA0RZ/RtJpxY2Rlawu6ov3KxqJqDK5 -8KLYGqa/HiwQECky47Y8zJg+XgzZm6eNGI2s0IU7HqIKvagzOE8zQBXx3W+Nh17V -xgwCVQpfy8CmLCItsPOr+j7vuxNKvtnkmpdgS8xBvzY4mSVuI+G76OnQatiLVbNz -XTZgVrTCEe7wDCBeZmVw8HExjODoWOX9EzZWd5YJ6iw2kJoIrmoNf/Ka+SoVdyjZ -zyBbqkJFzLG2p5VPQTeBMWjSFMLkXuoLNE9bfxFpZOyEbcNSMLcOus2HbHcdtfAV -uCAT3G99tnQkS2+Py2DcJltEcpvSCKv1btGk6jE7xUn22+EIaEac ------END CERTIFICATE----- diff --git a/_egress_proxy/certificate/generate-cert.sh b/_egress_proxy/certificate/generate-cert.sh index aa17da6..0c456b5 100644 --- a/_egress_proxy/certificate/generate-cert.sh +++ b/_egress_proxy/certificate/generate-cert.sh @@ -1,13 +1,13 @@ openssl genrsa -out cert.key 2048 + # (Specify the mitm domain as Common Name, e.g. \*.google.com) -# openssl req -new -x509 -key cert.key -out cert.crt -# cat cert.key cert.crt > cert.pem openssl req -new -x509 -key cert.key -out mitmproxy-ca-cert.pem -cat cert.key mitmproxy-ca-cert.pem > mitmproxy-ca.pem +cat cert.key mitmproxy-ca-cert.pem > mitmproxy-ca.pem openssl pkcs12 -export -inkey cert.key -in mitmproxy-ca-cert.pem -out mitmproxy-ca-cert.p12 - -cat mitmproxy-ca-cert.pem | base64 -w0 \ No newline at end of file +cat mitmproxy-ca-cert.pem | base64 -w0 +# sample output +# 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 \ No newline at end of file 
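Review bot: generate-cert.sh writes `cert.key` and `mitmproxy-ca.pem` (key plus certificate) into the repository's certificate directory, and the download URLs elsewhere in this commit show those outputs being served from it. The private key removed with cert.pem in this same commit remains in history; if the same `cert.key` produced the current CA files, it should be treated as disclosed and replaced rather than reused. Add `umask 077` before `openssl genrsa`, write the outputs outside the working tree, and git-ignore `*.key`, `*.pem` and `*.p12`. `openssl req -new -x509` without `-days` issues a 30-day certificate, which matches the validity of the deleted certificates, so state the intended lifetime explicitly with `-days <N>`.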
diff --git a/_egress_proxy/certificate/mitmproxy-ca-cert (17).pem b/_egress_proxy/certificate/mitmproxy-ca-cert (17).pem deleted file mode 100644 index e152dff..0000000 --- a/_egress_proxy/certificate/mitmproxy-ca-cert (17).pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDgzCCAmugAwIBAgIUS2S8sLnT5n//6C7A1+0m5YrTz8QwDQYJKoZIhvcNAQEL -BQAwUTELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEKMAgGA1UEAwwBKjAeFw0yNDAzMTYw -OTQ5MzlaFw0yNDA0MTUwOTQ5MzlaMFExCzAJBgNVBAYTAkZSMRMwEQYDVQQIDApT -b21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCjAI -BgNVBAMMASowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ5lRw/dUe -Bl5qcK6RQE+3Tpu5ymh1d5CGDpbKvD6tv50F79cBnP2X82xiRVSdvMrXdLx1bdzN -1Pgn68qYhHuR9+zMWT7eYQKLf/EbofIA3mhaKLlUqgN3HE3Z054EGdCDkNPwst2P -zrGA3wUx2rbHWG4ip/R7S/7HHjkGuhxAqXdGT3PYvpo+8zDeUy7UELVax9U/suAN -hN2KpylTe8KBcU6sErScR7qaO1/7IbeEEohAxinRyHT3hrPfV7ZKcGD75kYRBrEC -YGU/m7mK2x2pzN36jZwMvrLVgwdBAbxzSJLEJDvbUAZfYjX7cl6H3j/z3amlMWLn -oScAy+dU0EVDAgMBAAGjUzBRMB0GA1UdDgQWBBSuceAYt64OzZMWQzwCpoeeoDy8 -UDAfBgNVHSMEGDAWgBSuceAYt64OzZMWQzwCpoeeoDy8UDAPBgNVHRMBAf8EBTAD -AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBK0tWrl6woWCP+5m/5UlxIiw2q6wT/uT0V -BGbyBYXLfJrk9/YWAPYGNrhWfzHUAO/hB+mV9L56RU74p/bNu1wjtfnOJaF9ybe0 -hr0Slh9dtWoFpGxUs0iEUQG6hDW39l86M9pyRz4V+Z5FTs/0I2kcSRMrJOOfNIfn -2BbU+8gQTWE9/x/q8NqbhqFqID2nFWZ9xiIoXmFJkyOxMyMYKdrLDDEIGkfDXxj5 -aPzucyxKFAW3mma0wV7XFEtO2b5C2Hub7D7del0dK1feK/ydzgk3i7HDAohVJHYK -fqW5YZZM292/65U8Oibf6kca3Y8dELTOc91EGOvKvIPIAT/u1ENh ------END CERTIFICATE----- diff --git a/_egress_proxy/install-mitmproxy.sh b/_egress_proxy/install-mitmproxy.sh index b21df70..c27e607 100644 --- a/_egress_proxy/install-mitmproxy.sh +++ b/_egress_proxy/install-mitmproxy.sh 
@@ -1,38 +1,24 @@ #!/bin/bash -sudo apt update -y +# 1. install MITM proxy from official package -# wget https://downloads.mitmproxy.org/10.2.2/mitmproxy-10.2.2-linux-x86_64.tar.gz wget https://downloads.mitmproxy.org/10.2.4/mitmproxy-10.2.4-linux-x86_64.tar.gz -# tar -xvf mitmproxy-10.2.2-linux-x86_64.tar.gz tar -xvf mitmproxy-10.2.4-linux-x86_64.tar.gz -# # start the proxy - -# ./mitmproxy - -# sudo apt update -y +# [Other option] install MITM proxy using Python pip # sudo apt install python3-pip -y - # pip3 install mitmproxy +# sudo apt install wget -y # install if not installed -# mitmproxy --listen-port 8080 --web-host 0.0.0.0 --web-port 8081 --set block_global=false - -# sudo apt install wget -y +# MITM proxy can create a certificate for us on starting, but we will use our own certificate +# 2. download the certificate files wget 'https://raw.githubusercontent.com/HoussemDellai/docker-kubernetes-course/main/_egress_proxy/certificate/mitmproxy-ca-cert.pem' wget 'https://raw.githubusercontent.com/HoussemDellai/docker-kubernetes-course/main/_egress_proxy/certificate/mitmproxy-ca.pem' +wget 'https://raw.githubusercontent.com/HoussemDellai/docker-kubernetes-course/main/_egress_proxy/certificate/mitmproxy-ca-cert.p12' -./mitmweb --listen-port 8080 --web-host 0.0.0.0 --web-port 8081 --set block_global=false --certs *=./mitmproxy-ca.pem --set confdir=./ - -# mitmweb --listen-port 8080 --web-host 0.0.0.0 --web-port 8081 --certs *=cert.pem --set block_global=false - -# screen -d -m mitmweb --listen-port 8080 --web-host 0.0.0.0 --web-port 8081 --set block_global=false - -# install the cert in: mitm.it - +# 3. start MITM proxy with the certificate and expose the web interface -cat mitmproxy-ca-cert.pem | base64 -w0 -# cat ~/.mitmproxy/mitmproxy-ca-cert.pem | base64 -w0 \ No newline at end of file +./mitmweb --listen-port 8080 --web-host 0.0.0.0 --web-port 8081 --set block_global=false --certs *=./mitmproxy-ca.pem --set confdir=./ \ No newline at end of file 
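Review bot: The mitmproxy tarball in step 1 is downloaded, unpacked and executed with no integrity check, and vm-linux-proxy-mitm.tf now passes this script as `custom_data`, so it presumably runs as root at first boot. Pin the expected digest and verify it before `tar`, e.g. `echo "<SHA256_OF_TARBALL>  mitmproxy-10.2.4-linux-x86_64.tar.gz" | sha256sum -c - || exit 1`, and add `set -euo pipefail` after the shebang so a failed `wget` stops the script. Step 3 starts `./mitmweb` in the foreground with `--web-host 0.0.0.0`, which keeps the boot script from finishing and exposes the web UI on every interface; running it as a dedicated unprivileged service bound to an internal address would address both. The `--certs *=./mitmproxy-ca.pem` argument is unquoted and relies on the glob not matching anything, so quote it as `--certs '*=./mitmproxy-ca.pem'`.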
diff --git a/_egress_proxy/variables.tf b/_egress_proxy/variables.tf index c40278a..55960cb 100644 --- a/_egress_proxy/variables.tf +++ b/_egress_proxy/variables.tf @@ -1,5 +1,5 @@ variable "prefix" { description = "Prefix for resources" type = string - default = "66" + default = "68" } \ No newline at end of file diff --git a/_egress_proxy/vm-linux-proxy-mitm.tf b/_egress_proxy/vm-linux-proxy-mitm.tf index db0d357..5246d3f 100644 --- a/_egress_proxy/vm-linux-proxy-mitm.tf +++ b/_egress_proxy/vm-linux-proxy-mitm.tf @@ -33,7 +33,7 @@ resource "azurerm_linux_virtual_machine" "vm-proxy" { priority = "Spot" eviction_policy = "Deallocate" - # custom_data = filebase64("./install-mitmproxy.sh") + custom_data = filebase64("./install-mitmproxy.sh") os_disk { name = "os-disk-vm"