Hi All,

I am trying to set up a reverse-proxy at my home to be able to by-pass
restrictive firewalls that only allow http/https traffic.

So I configured nginx as a reverse-proxy to send connections to the sshd at the
home server. However, I fail to establish a connection. The connection
attempt errors out with:

$ ssh root@192.168.1.5
SSL enabled
Connected to XXX.XX.XXX.XX:443 (local proxy)

Tunneling to 192.168.1.5:22 (destination)
Communication with local proxy:
-> CONNECT 192.168.1.5:22 HTTP/1.0
-> Proxy-Connection: Keep-Alive
analyze_HTTP: readline failed: Connection closed by remote host
ssh_exchange_identification: Connection closed by remote host

where XXX is the public IP address of my server.

The proxy tunnel command is as follows:

/usr/bin/proxytunnel -v -e -p XXX.XX.XXX.XX:443 -R user:'secretpasswd' -d 192.168.1.5:22

The relevant nginx entries are as follows:
================================
upstream tunnel {
    server 127.0.0.1:22;
}

server {
    listen 443;
    server_name localhost;

    ssl on;
    ssl_certificate certs/cert.pem;
    ssl_certificate_key certs/cert.key;
    ssl_session_timeout 5m;
    keepalive_timeout 70;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file .htpasswd_slug;
        # proxy_pass http://tunnel;
        proxy_pass http://127.0.0.1;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
    }
}
================================

The nginx error logs don't show anything, so I'm thinking there's something
that the sshd does not like, but even when I increase the debug level in the
sshd_config nothing shows up. This means that the remote client never reaches
as far as the sshd server (nginx and sshd are both running on the same host).

Any idea what causes this problem?

--
Regards,
Mick