| 1 |
Hi All, |
| 2 |
|
| 3 |
I am trying to set up a reverse-proxy at my home to be able to by-pass |
| 4 |
restrictive firewalls that only allow http/https traffic. |
| 5 |
|
| 6 |
So I configured nginx as a reverse-proxy to send connections to the sshd at the |
| 7 |
home server. However, I fail to establish a connection. The connection |
| 8 |
attempt errors out with: |
| 9 |
|
| 10 |
$ ssh root@192.168.1.5 |
| 11 |
SSL enabled |
| 12 |
Connected to XXX.XX.XXX.XX:443 (local proxy) |
| 13 |
|
| 14 |
Tunneling to 192.168.1.5:22 (destination) |
| 15 |
Communication with local proxy: |
| 16 |
-> CONNECT 192.168.1.5:22 HTTP/1.0 |
| 17 |
-> Proxy-Connection: Keep-Alive |
| 18 |
analyze_HTTP: readline failed: Connection closed by remote host |
| 19 |
ssh_exchange_identification: Connection closed by remote host |
| 20 |
|
| 21 |
where XXX is the public IP address of my server. |
| 22 |
|
| 23 |
the proxy tunnel command is as follows: |
| 24 |
|
| 25 |
/usr/bin/proxytunnel -v -e -p XXX.XX.XXX.XX:443 -R user:'secretpasswd' -d |
| 26 |
192.168.1.5:22 |
| 27 |
|
| 28 |
The relevant nginx entries are as follows: |
| 29 |
================================ |
| 30 |
upstream tunnel { |
| 31 |
server 127.0.0.1:22; |
| 32 |
} |
| 33 |
|
| 34 |
server { |
| 35 |
listen 443; |
| 36 |
server_name localhost; |
| 37 |
|
| 38 |
ssl on; |
| 39 |
ssl_certificate certs/cert.pem; |
| 40 |
ssl_certificate_key certs/cert.key; |
| 41 |
ssl_session_timeout 5m; |
| 42 |
keepalive_timeout 70; |
| 43 |
|
| 44 |
location / { |
| 45 |
auth_basic "Restricted"; |
| 46 |
auth_basic_user_file .htpasswd_slug; |
| 47 |
# proxy_pass http://tunnel; |
| 48 |
proxy_pass http://127.0.0.1; |
| 49 |
proxy_buffering off; |
| 50 |
proxy_set_header Host $host; |
| 51 |
proxy_set_header X-Real-IP $remote_addr; |
| 52 |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 53 |
proxy_redirect off; |
| 54 |
} |
| 55 |
} |
| 56 |
================================ |
| 57 |
|
| 58 |
|
| 59 |
The nginx error logs don't show anything, so I'm thinking there's something |
| 60 |
that the sshd does not like, but even when I increase the debug level in the |
| 61 |
sshd_config nothing shows up. This means that the remote client never reaches |
| 62 |
as far as the sshd server (nginx and sshd are both running on the same host). |
| 63 |
|
| 64 |
Any idea what causes this problem? |
| 65 |
|
| 66 |
-- |
| 67 |
Regards, |
| 68 |
Mick |
Archives