On Sunday 19 Feb 2012 18:15:46 Mick wrote:
> Hi All,
>
> I am trying to set up a reverse-proxy at my home to be able to by-pass
> restrictive firewalls that only allow http/https traffic.
>
> So I configured nginx as a reverse-proxy to send connections to the sshd at
> the home server. However, I fail to establish a connection. The
> connection attempt errors out with:
>
> $ ssh root@192.168.1.5
> SSL enabled
> Connected to XXX.XX.XXX.XX:443 (local proxy)
>
> Tunneling to 192.168.1.5:22 (destination)
> Communication with local proxy:
> -> CONNECT 192.168.1.5:22 HTTP/1.0
> -> Proxy-Connection: Keep-Alive
> analyze_HTTP: readline failed: Connection closed by remote host
> ssh_exchange_identification: Connection closed by remote host
>
> where XXX is the public IP address of my server.
>
> the proxy tunnel command is as follows:
>
> /usr/bin/proxytunnel -v -e -p XXX.XX.XXX.XX:443 -R user:'secretpasswd' -d 192.168.1.5:22
>
> The relevant nginx entries are as follows:
> ================================
> upstream tunnel {
>     server 127.0.0.1:22;
> }
>
> server {
>     listen 443;
>     server_name localhost;
>
>     ssl on;
>     ssl_certificate certs/cert.pem;
>     ssl_certificate_key certs/cert.key;
>     ssl_session_timeout 5m;
>     keepalive_timeout 70;
>
>     location / {
>         auth_basic "Restricted";
>         auth_basic_user_file .htpasswd_slug;
>         # proxy_pass http://tunnel;
>         proxy_pass http://127.0.0.1;
>         proxy_buffering off;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_redirect off;
>     }
> }
> ================================
>
>
> The nginx error logs don't show anything, so I'm thinking there's something
> that the sshd does not like, but even when I increase the debug level in
> the sshd_config nothing shows up. This means that the remote client never
> reaches as far as the sshd server (nginx and sshd are both running on the
> same host).
>
> Any idea what causes this problem?

Could it be that the sshd does not like http/1.0 connections?

> Tunneling to 192.168.1.5:22 (destination)
> Communication with local proxy:
> -> CONNECT 192.168.1.5:22 HTTP/1.0

Is it possible to configure a proxy connection from nginx without the http
headers?
-- 
Regards,
Mick