How to forward proxy twice #322

Open
ldy opened this issue Sep 30, 2024 · 1 comment

ldy commented Sep 30, 2024

The network topology diagram is like this:
Client Machine C --> Nginx Machine B (installed connect_module) --> Nginx Machine A (installed connect_module) --> target website

Machine A can access the external network, Machine B can access Machine A, and Machine C can access Machine B. How do I configure this so that Machine C can access https websites? I tried this configuration: Machine C can access http websites, but cannot access https websites.

```
# Machine A configuration. After this, Machine B can access http/https websites
server {
	listen  8080;

	# dns resolver used by forward proxying
	resolver  114.114.114.114;

	# forward proxy for CONNECT request
	proxy_connect;
	proxy_connect_allow            443 80;
	proxy_connect_connect_timeout  10s;
	proxy_connect_read_timeout     10s;
	proxy_connect_send_timeout     10s;

	# forward proxy for non-CONNECT request
	location / {
		proxy_pass $scheme://$host;
		proxy_set_header Host $host;
	}
}
```

```
# Machine B configuration. After this, Machine C can access http websites
server {
	listen                           8081;
	#server_name                     localhost;
	#resolver                        Machine A ipv6=off;
	#proxy_connect;
	#proxy_connect_allow            443 80;
	#proxy_connect_connect_timeout  10s;
	#proxy_connect_read_timeout     10s;
	#proxy_connect_send_timeout     10s;
	location / {
		proxy_pass $scheme://Machine A:8081;
		proxy_set_header Host $host;
		proxy_set_header Referer $http_referer;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}
```

I have tried multiple configuration methods on Machine B, but still cannot make Machine C access https websites. Can you tell me where I went wrong?

Owner

chobits commented Nov 5, 2024

It might be unavailable to cascade two proxy_connect agents.

The first proxy_connect agent will extract raw data from the CONNECT tunnel, then it forwards the flow to the 2nd proxy_connect agent. The 2nd proxy_connect agent also tries to extract the raw data from the tunnel, but there is no tunnel (CONNECT request), only raw data, so it fails.

So a possible way is to change one of the proxy_connect agents to a pure TCP proxy agent.
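
One way to apply the "pure TCP proxy" suggestion above is to make Machine B a `stream` relay in front of Machine A's unchanged proxy_connect server. This is an added example, not configuration from either participant or from the project; the addresses `192.0.2.10` (Machine A) and `198.51.100.0/24` (Machine C's network) are placeholders.

```nginx
# Machine B: nginx.conf, top level (next to the http {} block, not inside it).
# Requires an nginx build that includes the stream module (--with-stream).
stream {
	# Placeholder address for Machine A. A keeps the proxy_connect server
	# on port 8080 exactly as posted in the issue.
	upstream machine_a_forward_proxy {
		server 192.0.2.10:8080;
	}

	server {
		listen 8081;

		# B relays bytes without parsing HTTP, so it cannot filter by
		# method, host or port. Restrict who may reach the relay instead
		# (placeholder subnet for Machine C); destination control stays
		# with proxy_connect_allow on Machine A.
		allow 198.51.100.0/24;
		deny  all;

		proxy_connect_timeout 10s;
		proxy_timeout         10m;

		# The CONNECT request from Machine C arrives at Machine A intact,
		# so only one proxy_connect agent ever handles the tunnel.
		proxy_pass machine_a_forward_proxy;
	}
}
```

The HTTP `server` on port 8081 from the posted Machine B configuration has to be removed or moved to another port, since the relay now owns that listener. Machine A then sees every connection as coming from Machine B, so per-client logging belongs on B.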
