seknox / trasa

Zero Trust Service Access

Home Page: https://www.trasa.io

NGINX proxy to trasa[PERF]

hardsoftsecurity opened this issue · comments

Describe the issue/idea:
Hello, I have mounted a proxy with NGINX and I am trying to make a proxy with trasa, but when performing an rdp I get the following error in the browser:

"The upstream server does not appear to exist, or cannot be reached over the network. In most cases, the upstream server is the remote desktop server."

and checking the NGINX log I find the following information:

"GET /accessproxy/rdp/tunnel HTTP/1.1" 400 12 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/".

Has anyone managed to establish a proxy in front of trasa? If I delete the proxy it works correctly...

NGINX configuration:

server {
    listen 80;
    server_name domain;
    return 301 https://$host$request_uri;
}

server {
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

    listen 443 ssl;
    server_name domain;

    ssl_certificate /etc/letsencrypt/live/domain-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain-0001/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    #ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    access_log /var/log/nginx/domain.access.log;
    error_log /var/log/nginx/domain.error.log error;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_pass https://domain/;
    }
}

All the best.

Scope of the issue/idea:

  • TRASA codebase
  • dashboard
  • server
  • mobile app
  • browser extension
  • device agent
  • website/docs

Hi, in your Nginx config file, you will need to enable proxying websocket protocol as:

location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_pass https://domain/;

    # add following to your config file
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
}

Hi, I added these options to my configuration file and it works fine. Thank you for the help.
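
Added example, not part of the thread or of TRASA's code: nginx does not pass the client's Upgrade and Connection headers to the upstream unless they are set explicitly, which is what the directives in the reply above address. This Python check reports proxied location blocks that lack them, run here on constructed copies of the question's block and the fixed one; the function names are hypothetical.

```python
import re

# Constructed inputs: the location block from the question (abridged) and the
# same block with the three directives from the reply added.
BEFORE = """
server {
    listen 443 ssl;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass https://domain/;
    }
}
"""
AFTER = BEFORE.replace("proxy_pass https://domain/;", """proxy_pass https://domain/;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;""")

def location_blocks(conf):
    """Yield (path, body) for each location block, matching braces by depth.
    Simplification: '#' and braces inside quoted strings are not handled."""
    conf = re.sub(r"#[^\n]*", "", conf)  # commented-out directives do not count
    for m in re.finditer(r"\blocation\s+([^{]+?)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def missing_upgrade_headers(conf):
    """Map each proxied location to the WebSocket handshake headers it does
    not forward. Only the location's own directives are read, which matches
    nginx when the block sets any proxy_set_header itself (as here)."""
    findings = {}
    for path, body in location_blocks(conf):
        if not re.search(r"\bproxy_pass\s", body):
            continue
        names = {n.lower() for n in re.findall(r"\bproxy_set_header\s+(\S+)", body)}
        missing = [h for h in ("Upgrade", "Connection") if h.lower() not in names]
        if missing:
            findings[path] = missing
    return findings

if __name__ == "__main__":
    print("before:", missing_upgrade_headers(BEFORE))
    print("after: ", missing_upgrade_headers(AFTER))
```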