Gentoo Archives: gentoo-user

From: Mick <michaelkintzios@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: [OT] Proxytunnel through nginx
Date: Wed, 22 Feb 2012 07:16:05
Message-Id: 201202220714.27145.michaelkintzios@gmail.com
In Reply to: [gentoo-user] [OT] Proxytunnel through nginx by Mick
On Sunday 19 Feb 2012 18:15:46 Mick wrote:
> Hi All,
>
> I am trying to set up a reverse-proxy at my home to be able to by-pass
> restrictive firewalls that only allow http/https traffic.
>
> So I configured nginx as a reverse-proxy to send connections to the sshd at
> the home server. However, I fail to establish a connection. The
> connection attempt errors out with:
>
> $ ssh root@192.168.1.5
> SSL enabled
> Connected to XXX.XX.XXX.XX:443 (local proxy)
>
> Tunneling to 192.168.1.5:22 (destination)
> Communication with local proxy:
> -> CONNECT 192.168.1.5:22 HTTP/1.0
> -> Proxy-Connection: Keep-Alive
> analyze_HTTP: readline failed: Connection closed by remote host
> ssh_exchange_identification: Connection closed by remote host
>
> where XXX is the public IP address of my server.
>
> The proxy tunnel command is as follows:
>
> /usr/bin/proxytunnel -v -e -p XXX.XX.XXX.XX:443 -R user:'secretpasswd' -d 192.168.1.5:22
>
> The relevant nginx entries are as follows:
> ================================
> upstream tunnel {
>     server 127.0.0.1:22;
> }
>
> server {
>     listen 443;
>     server_name localhost;
>
>     ssl on;
>     ssl_certificate certs/cert.pem;
>     ssl_certificate_key certs/cert.key;
>     ssl_session_timeout 5m;
>     keepalive_timeout 70;
>
>     location / {
>         auth_basic "Restricted";
>         auth_basic_user_file .htpasswd_slug;
>         # proxy_pass http://tunnel;
>         proxy_pass http://127.0.0.1;
>         proxy_buffering off;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_redirect off;
>     }
> }
> ================================
>
>
> The nginx error logs don't show anything, so I'm thinking there's something
> that the sshd does not like, but even when I increase the debug level in
> the sshd_config nothing shows up. This means that the remote client never
> reaches as far as the sshd server (nginx and sshd are both running on the
> same host).
>
> Any idea what causes this problem?

Could it be that the sshd does not like http/1.0 connections?

> Tunneling to 192.168.1.5:22 (destination)
> Communication with local proxy:
> -> CONNECT 192.168.1.5:22 HTTP/1.0

Is it possible to configure a proxy connection from nginx without the http
headers?
--
Regards,
Mick

Attachments

File name MIME type
signature.asc application/pgp-signature
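
A diagnostic sketch for the trace quoted in the message above, added here as an example and not part of the original post or of proxytunnel: it sends the same CONNECT request the trace shows and classifies whatever the endpoint on port 443 answers, so the failing hop can be identified. The function names, result labels and sample replies are constructed for illustration; `cafile` is assumed to point at the server's own certificate when it is self-signed.

```python
import socket
import ssl


def build_connect(dest_host, dest_port):
    """The two '->' lines from the trace plus the blank line ending the request."""
    return (f"CONNECT {dest_host}:{dest_port} HTTP/1.0\r\n"
            "Proxy-Connection: Keep-Alive\r\n\r\n").encode("ascii")


def classify_reply(raw):
    """Map the first bytes received after CONNECT to a diagnosis label."""
    if not raw:
        return "closed"                 # matches 'readline failed' in the trace
    first = raw.split(b"\r\n", 1)[0].decode("latin-1").strip()
    if first.startswith("SSH-"):
        return "raw-ssh"                # an SSH banner: no HTTP layer answered
    parts = first.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http"
    code = int(parts[1])
    if 200 <= code < 300:
        return "tunnel-open"            # CONNECT accepted, SSH bytes may follow
    if code == 407:
        return "proxy-auth-required"    # proxy-style challenge
    if code == 401:
        return "origin-auth-required"   # origin-style challenge, as auth_basic sends
    return f"refused-{code}"


def probe(proxy_host, proxy_port, dest_host, dest_port, cafile=None, timeout=5.0):
    """Send one CONNECT over TLS (certificate verification stays on) and classify."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as tcp:
        with ctx.wrap_socket(tcp, server_hostname=proxy_host) as tls:
            tls.sendall(build_connect(dest_host, dest_port))
            try:
                return classify_reply(tls.recv(4096))
            except (ConnectionResetError, ssl.SSLError):
                return "closed"


if __name__ == "__main__":
    # Constructed sample replies; no network access is needed to run this part.
    for sample in (b"", b"HTTP/1.0 200 Connection established\r\n\r\n",
                   b"HTTP/1.1 401 Unauthorized\r\n\r\n", b"HTTP/1.1 400 Bad Request\r\n\r\n"):
        print(repr(sample[:30]), "->", classify_reply(sample))
```

Only the "tunnel-open" result means the endpoint accepted CONNECT; any other label shows the request stopped at the HTTP layer before reaching sshd.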