Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Client -> nginx reverse proxy (https) -> Squid forward proxy (http) -> Destination? #261

Open
Angu0083 opened this issue Apr 13, 2023 · 1 comment
Open

Client -> nginx reverse proxy (https) -> Squid forward proxy (http) -> Destination? #261

Angu0083 opened this issue Apr 13, 2023 · 1 comment

Comments

@Angu0083
Copy link

Angu0083 commented Apr 13, 2023
edited by chobits

Hello,

   I'm using Nginx 1.18.0, complied with  ./configure --with-compat --add-dynamic module=/root/ngx_http_proxy_connect_module 

  Even the issue wasn't fixed. Kindly assist.

Note: If I change Nginx listen from HTTPS to HTTP, it's working but not on HTTPS.

Nginx Log:

[13/Apr/2023:18:49:58 +0000] "CONNECT www.whatismyip.com:443 HTTP/1.1" 400 157 "-" "-"
[13/Apr/2023:18:50:16 +0000] "CONNECT play.google.com:443 HTTP/1.1" 400 157 "-" "-"
[13/Apr/2023:18:50:17 +0000] "CONNECT www.youtube.com:443 HTTP/1.1" 400 157 "-" "-"
[13/Apr/2023:18:50:48 +0000] "CONNECT www.youtube.com:443 HTTP/1.1" 400 157 "-" "-"
[13/Apr/2023:18:51:20 +0000] "CONNECT www.youtube.com:443 HTTP/1.1" 400 157 "-" "-"

Nginx conf;

ser www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
load_module /usr/local/nginx/modules/ngx_http_proxy_connect_module.so;
events {
        worker_connections 768;
        # multi_accept on;
}

Nginx site config;

    server {
        server_name xxxxxxxxxxxx;

        location / {
                proxy_pass http://localhost:3128;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;



        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xxxxxx-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxxxxx-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Nginx error Debug log;

2023/04/14 00:33:41 [debug] 69482#69482: epoll: fd:10 ev:0001 d:0000FFFFB036E1E0
2023/04/14 00:33:41 [debug] 69482#69482: timer delta: 3908
2023/04/14 00:33:41 [debug] 69482#69482: worker cycle
2023/04/14 00:33:41 [debug] 69482#69482: epoll timer: 60000
2023/04/14 00:33:41 [debug] 69482#69482: epoll: fd:16 ev:0001 d:0000FFFFB036E499
2023/04/14 00:33:41 [debug] 69482#69482: timer delta: 4
2023/04/14 00:33:41 [debug] 69482#69482: worker cycle
2023/04/14 00:33:41 [debug] 69482#69482: epoll timer: 5000
2023/04/14 00:33:41 [debug] 69482#69482: epoll: fd:16 ev:2011 d:0000FFFFB036E499
2023/04/14 00:33:41 [debug] 69482#69482: epoll_wait() error on fd:16 ev:2011
2023/04/14 00:33:41 [debug] 69482#69482: timer delta: 40
2023/04/14 00:33:41 [debug] 69482#69482: worker cycle
2023/04/14 00:33:41 [debug] 69482#69482: epoll timer: -1
@chobits
Copy link
Owner

chobits commented Apr 16, 2023
edited

It seemed that you had not configured proxy_connect module in your configuration file. And 400 bad request record from your access.log means that proxy_connect is not configured or built into nginx source core.

Also note if you build proxy_connect as a dynamic module, you should replace old nginx binary also with the one that is generated while compiling proxy_connect.so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chobits @Angu0083