chobits / ngx_http_proxy_connect_module

A forward proxy module for CONNECT request handling

Client -> nginx reverse proxy (https) -> Squid forward proxy (http) -> Destination?

Angu0083 opened this issue · comments

Hello,

   I'm using Nginx 1.18.0, compiled with ./configure --with-compat --add-dynamic-module=/root/ngx_http_proxy_connect_module

  Even the issue wasn't fixed. Kindly assist.

Note: If I change Nginx listen from HTTPS to HTTP, it's working but not on HTTPS.

Nginx Log:

[13/Apr/2023:18:49:58 +0000] "CONNECT www.whatismyip.com:443 HTTP/1.1" 400 157 "-" "-"
[13/Apr/2023:18:50:16 +0000] "CONNECT play.google.com:443 HTTP/1.1" 400 157 "-" "-"
[13/Apr/2023:18:50:17 +0000] "CONNECT www.youtube.com:443 HTTP/1.1" 400 157 "-" "-"
[13/Apr/2023:18:50:48 +0000] "CONNECT www.youtube.com:443 HTTP/1.1" 400 157 "-" "-"
[13/Apr/2023:18:51:20 +0000] "CONNECT www.youtube.com:443 HTTP/1.1" 400 157 "-" "-"

Nginx conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
load_module /usr/local/nginx/modules/ngx_http_proxy_connect_module.so;
events {
        worker_connections 768;
        # multi_accept on;
}

Nginx site config:

    server {
        server_name xxxxxxxxxxxx;

        location / {
            proxy_pass http://localhost:3128;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/xxxxxx-0001/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/xxxxxx-0001/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

Nginx error debug log:

2023/04/14 00:33:41 [debug] 69482#69482: epoll: fd:10 ev:0001 d:0000FFFFB036E1E0
2023/04/14 00:33:41 [debug] 69482#69482: timer delta: 3908
2023/04/14 00:33:41 [debug] 69482#69482: worker cycle
2023/04/14 00:33:41 [debug] 69482#69482: epoll timer: 60000
2023/04/14 00:33:41 [debug] 69482#69482: epoll: fd:16 ev:0001 d:0000FFFFB036E499
2023/04/14 00:33:41 [debug] 69482#69482: timer delta: 4
2023/04/14 00:33:41 [debug] 69482#69482: worker cycle
2023/04/14 00:33:41 [debug] 69482#69482: epoll timer: 5000
2023/04/14 00:33:41 [debug] 69482#69482: epoll: fd:16 ev:2011 d:0000FFFFB036E499
2023/04/14 00:33:41 [debug] 69482#69482: epoll_wait() error on fd:16 ev:2011
2023/04/14 00:33:41 [debug] 69482#69482: timer delta: 40
2023/04/14 00:33:41 [debug] 69482#69482: worker cycle
2023/04/14 00:33:41 [debug] 69482#69482: epoll timer: -1

It seems that you have not configured the proxy_connect module in your configuration file. The 400 bad request records in your access.log mean that proxy_connect is not configured or not built into the nginx source core.

Also note that if you build proxy_connect as a dynamic module, you should also replace the old nginx binary with the one that is generated while compiling proxy_connect.so.
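
The reply's point as an added configuration sketch (not the reporter's or the module author's configuration): the same TLS server block with the module's CONNECT handling switched on and limited to port 443. It assumes nginx itself opens the tunnel to the requested host; the server name, certificate paths and resolver address are placeholders.

```nginx
# Added example. Assumes the running nginx binary is the one produced by the
# same build that generated ngx_http_proxy_connect_module.so (see the reply).
load_module /usr/local/nginx/modules/ngx_http_proxy_connect_module.so;

events {
    worker_connections 768;
}

http {
    server {
        listen 443 ssl;
        server_name proxy.example.test;                # placeholder

        ssl_certificate     /path/to/fullchain.pem;    # placeholder
        ssl_certificate_key /path/to/privkey.pem;      # placeholder

        # DNS resolver nginx uses to look up the CONNECT target host.
        resolver 192.0.2.53;                           # placeholder address

        # Without these directives the server block has no CONNECT handler,
        # which matches the 400 responses in the access log above.
        proxy_connect;

        # Only tunnel to port 443; CONNECT to any other port is refused,
        # so the proxy cannot be used to reach arbitrary services.
        proxy_connect_allow 443;

        # Give up on unreachable targets instead of holding the worker slot.
        proxy_connect_connect_timeout 10s;

        # Non-CONNECT requests still go to the local Squid instance,
        # as in the reporter's site config.
        location / {
            proxy_pass http://localhost:3128;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}
```

After reloading, `nginx -t` should accept the `proxy_connect` directives; an "unknown directive" error there means the module is not loaded into the running binary.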