SSH Proxy #36

Closed
yunge opened this issue Mar 2, 2018 · 12 comments

@yunge

yunge commented Mar 2, 2018

I want to proxy SSH connections on my server, port 443 to port 22. The reason is that sometimes the port 22 is not available.

The nginx conf is like this:

server{
    listen 443;
    server_name  ssh.mydomain;

    proxy_connect;
    proxy_connect_allow  all;
    proxy_connect_connect_timeout  15s;
    proxy_connect_read_timeout     30s;
    proxy_connect_send_timeout     30s;
    proxy_connect_address 127.0.0.1:22;

    # location / {
    #     proxy_pass http://127.0.0.1:22;
    # }

}

But I always get "The proxy server rejected connection request: Connection aborted." in Xshell. Any idea?

@chobits
Owner

chobits commented Mar 6, 2018

Hi, could you provide the nginx debug log for this issue?

A simple configuration example follows:

error_log /path/to/log debug;

http {
    server {

@yunge
Author

yunge commented Mar 6, 2018

Thanks for the reply.

The error log:
2018/03/06 23:00:06 [debug] 16955#0: timer delta: 1
2018/03/06 23:00:06 [debug] 16955#0: worker cycle
2018/03/06 23:00:06 [debug] 16955#0: epoll timer: 29942
2018/03/06 23:00:06 [debug] 16955#0: epoll: fd:14 ev:0005 d:0000000002176A59
2018/03/06 23:00:06 [debug] 16955#0: timer delta: 87
2018/03/06 23:00:06 [debug] 16955#0: worker cycle
2018/03/06 23:00:06 [debug] 16955#0: epoll timer: 29855
2018/03/06 23:00:36 [debug] 16955#0: timer delta: 29876
2018/03/06 23:00:36 [debug] 16955#0: worker cycle
2018/03/06 23:00:36 [debug] 16955#0: epoll timer: -1

And the log of xshell:
Connecting to 192.168.31.195:9443...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Connection closing...Socket close.

Connection closed by foreign host.

And btw, I found that when I use port 443, other sites can't use the port, though they have different server names. I had to change the port. How can I handle this problem?

@chobits
Owner

chobits commented Mar 7, 2018

Hi,

> I want to proxy SSH connections on my server, port 443 to port 22.

This module cannot meet your requirement. You should use a TCP proxy server (raw TCP stream proxying) to proxy SSH connections from port 443 to port 22. For example, ngx_stream_module can work for this requirement.

This module is for HTTP CONNECT tunneling. For more details, refer to https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling.
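
Added example, not part of the thread and not the module author's configuration: one way to do the raw TCP proxying suggested above with ngx_stream_module while still sharing port 443 with HTTPS sites, by routing on whether the client's first bytes are a TLS ClientHello. The backend port 8443, the upstream names, the host name and the certificate paths are assumptions, and the SSH client must connect directly (not through its HTTP proxy mode).

```nginx
# Added example; ports, names and paths below are assumptions.
# Needs nginx >= 1.15.2 built with --with-stream --with-stream_ssl_preread_module.

events {}

stream {
    upstream ssh_backend   { server 127.0.0.1:22; }
    upstream https_backend { server 127.0.0.1:8443; }

    # $ssl_preread_protocol is empty when the first client bytes are not a
    # TLS ClientHello. SSH clients send a plain "SSH-2.0-..." banner, so they
    # land on sshd; so does any other non-TLS traffic arriving on 443.
    map $ssl_preread_protocol $backend {
        ""      ssh_backend;
        default https_backend;
    }

    server {
        listen 443;
        ssl_preread on;              # peek at the ClientHello without terminating TLS
        proxy_connect_timeout 15s;
        proxy_timeout 30m;           # idle timeout; keep long enough for interactive SSH
        proxy_pass $backend;
    }
}

http {
    # The HTTPS virtual hosts move off the public port and sit behind the stream block.
    server {
        listen 127.0.0.1:8443 ssl;
        server_name www.example.com;                   # placeholder host name
        ssl_certificate     /path/to/fullchain.pem;    # placeholder path
        ssl_certificate_key /path/to/privkey.pem;      # placeholder path
    }
}
```

With this layout sshd and the HTTPS hosts see every connection as coming from 127.0.0.1, so source-IP based controls (sshd `AllowUsers user@host` patterns, fail2ban, access-log review) need the nginx stream access log or the PROXY protocol on backends that support it.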

@neoadventist

@yunge I'm trying to solve the same problem, can you ping me when you've solved it?

@yunge
Author

yunge commented Mar 7, 2018

Hi,
I used the HTTP proxy mode of putty/xshell, so that they can send SNI information to nginx (SSH doesn't send a domain name), and putty does send a CONNECT request to the server. But anyway, thanks for your advice.

@neoadventist,
If you really need this function, maybe you will be interested in "sslh",
https://github.com/yrutschle/sslh
http://www.rutschle.net/tech/sslh/README.html
https://wiki.meurisse.org/wiki/sslh
But I really wish to just use nginx to handle this issue.

@chobits
Owner

chobits commented Mar 7, 2018

hi @yunge

I have not used putty/xshell before, but I will try to reproduce this issue. Could you provide your putty/xshell config (a screenshot may be needed)? Then I can try to reproduce it.

Thanks

@adrian-007

adrian-007 commented May 8, 2018

I have a similar problem. I can run this module just fine on CentOS with nginx 1.12 rebuilt from the source RPM. When I configure the server to run an SSL server on a port other than 443, it works fine, but once I run it like other sites (that is, on the default SSL port), I get 400 Bad Request errors. I've tested it with this command:
curl -x https://myserver.com https://github.com

@yunge
Author

yunge commented May 8, 2018

@chobits

Sorry that I missed your reply. My putty/xshell configs are both the defaults. You can download putty and I believe it's easy to reproduce it, thanks.

@jahoh

jahoh commented Dec 21, 2018

I've tested it with the command: curl https://github.com/ -v -x 127.0.0.1:3128, but I got "curl(56) Proxy CONNECT aborted".

@anitakrueger
Contributor

@adrian-007 Have you found a way to solve this? I am getting the exact same 400 error only when I'm running a named virtual host on port 443 rather than another specific port.

@chobits
Owner

chobits commented Jun 19, 2019

hi @anitakrueger

You can file a new issue; I guess your case is not the same as this issue.
Knowing your nginx.conf and the request / data stream sent by your client helps me resolve the issue easily.

For chrome-https-proxy-setting or connect-tunnel under SSL protocol, you can refer to this guide: #22 (comment). (This guide is not for curl https://... -x ...; this curl command is similar to chrome-http-proxy-setting, not to chrome-https-proxy-setting.)

@adrian-007

adrian-007 commented Jun 19, 2019 via email

@chobits chobits closed this as completed Dec 20, 2020