Can it be used as a https proxy to tunnel tcp? #22
Comments
Hi, this module is used to handle the CONNECT request tunnel; this request is a plain request (not over SSL). It seems that there is no client (web browsers / curl) sending CONNECT requests over the SSL layer. So if you want to use this module, configure it in a non-SSL server. For more details on the CONNECT tunnel, see: https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling
Chrome and Firefox have HTTPS proxy support. Other web clients can use nghttpx to translate HTTP to h2. I'm now using nghttpx as the frontend server, and nginx with this module in the backend. This is a workaround. If the module could directly support CONNECT requests over SSL, I could just use nginx 😀. See this blog: https://wzyboy.im/post/1052.html
Thanks for sharing this idea, let me look deep into it this weekend :)
hi @friskfly, I have made the CONNECT tunnel over SSL work. I'm currently using chrome-https-proxy-setting with ngx_http_proxy_connect_module to write this comment :)

data stream diagram:

How to use ngx_http_proxy_connect_module as https proxy

ngx_http_proxy_connect_module configure:
config Nginx server to handle CONNECT tunnel over ssl in port 8443

Google Chrome https proxy setting
Note that I use the Chrome extension SwitchyOmega to control the proxy setting. Select

Google Chrome Error: ERR_PROXY_CERTIFICATE_INVALID
The main problem I am trying to resolve is Chrome reporting the error: ERR_PROXY_CERTIFICATE_INVALID. Note that I'm using macOS Sierra (version 10.12.6) and Google Chrome (Version 62.0.3202.94 (Official Build) (64-bit)).
For more details, see https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate. Here is my configure screenshot:
@chobits I tried again, with
hi @friskfly Yes, this is a known issue in my TODO list. This is a long-term plan; I don't have time to deal with this currently. At least three points we should pay attention to:
I see. Thx for your reply.
I am closing this issue, the TODO issue for h2 is added, see #25.
Hi, I am building a https proxy to block the ads working with PAC. The idea is all
Please help me with this.
Hi, is it possible to transfer the real ip address of the user through the https proxy?
Unable to enable SSL
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module --add-dynamic-module=/home/tomoncle/ngx_http_proxy_connect_module

Forward proxy configuration

server {
    listen 6443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    resolver 114.114.114.114;
    ### connect tunnel
    proxy_connect;
    proxy_connect_allow 443 563;
    proxy_connect_connect_timeout 10s;
    proxy_connect_read_timeout 10s;
    proxy_connect_send_timeout 10s;
    location / {
        proxy_set_header Host $host;
        proxy_pass http://$host;
    }
}

Test

[root@5c5b6 ~]# curl -x 127.0.0.1:6443 -v www.baidu.com
* About to connect() to proxy 127.0.0.1 port 6443 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 6443 (#0)
> GET HTTP://www.baidu.com/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.baidu.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Server: nginx/1.16.1
< Date: Thu, 23 Dec 2021 01:46:48 GMT
< Content-Type: text/html; charset=utf-8,gbk
< Content-Length: 255
< Connection: close
<
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
* Closing connection 0
[root@5c5b6 ~]# curl -x 127.0.0.1:6443 -v https://www.baidu.com
* About to connect() to proxy 127.0.0.1 port 6443 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 6443 (#0)
* Establish HTTP proxy tunnel to www.baidu.com:443
> CONNECT www.baidu.com:443 HTTP/1.1
> Host: www.baidu.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Server: nginx/1.16.1
< Date: Thu, 23 Dec 2021 01:46:54 GMT
< Content-Type: text/html; charset=utf-8,gbk
< Content-Length: 255
< Connection: close
<
* Received HTTP code 400 from proxy after CONNECT
* Connection #0 to host 127.0.0.1 left intact
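curl: (56) Received HTTP code 400 from proxy after CONNECT

Problem

When I turn off ssl (removing the ssl parameter from the first line of the configuration file), the proxy works normally.
I see that you got this configuration working, so it can support client ->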
I have the same problem
I have the same problem too. "client sent plain HTTP request to HTTPS port while reading client request headers,"
hi, your configuration is right, but your constructed curl command is not right, see my latest documentation here: https://github.com/chobits/ngx_http_proxy_connect_module#example-for-curl-connect-request-in-https
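An added example, not code from this thread or from the module: it classifies the first bytes a client sends to a proxy listener, which is what separates the failing curl session above (cleartext `CONNECT` sent to the `listen 6443 ssl` server, answered with 400) from a client that opens TLS to the proxy first. The function names and `proxy.example` are hypothetical; the ClientHello is generated in memory with Python's `ssl` module.

```python
import ssl

# Constructed sample, based on the cleartext request shown in the curl log above.
PLAIN_CONNECT = (b"CONNECT www.baidu.com:443 HTTP/1.1\r\n"
                 b"Host: www.baidu.com:443\r\n\r\n")
HTTP_METHODS = (b"CONNECT ", b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> str:
    """Return "tls", "plain-http" or "unknown" for a connection's first bytes."""
    # A TLS record starts with content type 0x16 (handshake) and major version 3.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "plain-http"
    return "unknown"


def client_hello_bytes(server_name: str) -> bytes:
    """Build a real ClientHello in memory with ssl.MemoryBIO (no network I/O)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(
        incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()


def check_listener(listener_is_ssl: bool, data: bytes) -> str:
    """Compare what the client sent first with what the listener expects."""
    kind = classify_first_bytes(data)
    if kind == "unknown":
        return "unknown"
    if listener_is_ssl and kind == "plain-http":
        return "mismatch: cleartext HTTP on a TLS listener"
    if not listener_is_ssl and kind == "tls":
        return "mismatch: TLS handshake on a cleartext listener"
    return "ok"


if __name__ == "__main__":
    hello = client_hello_bytes("proxy.example")  # hypothetical proxy name
    print("plain CONNECT -> ssl listener:", check_listener(True, PLAIN_CONNECT))
    print("ClientHello   -> ssl listener:", check_listener(True, hello))
    print("plain CONNECT -> plain listener:", check_listener(False, PLAIN_CONNECT))
```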
I tried in an ssl server block, but did not succeed