Multiple "channels" on forwarded port (with a ssh-reverse-tunnel behind)

Posted by Ajay Garg 
Hi All.

Let's say, we have a server-block like

########################################################################
server {
    listen 2001 ssl;

    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location / {
        auth_basic 'Restricted';
        auth_basic_user_file /home/20da689b45c84f2b80bc84d651ed573f/.htpasswd;

        if ($remote_user = "20da689b45c84f2b80bc84d651ed573f") {
            proxy_pass https://127.0.0.1:2000;
        }
    }
}
########################################################################


and when a user opens the browser window, she authenticates and is
appropriately forwarded to port 2000 on the server.
This port (2000) is in a LISTENING state on the server, created via a
ssh-reverse-tunnel, through the command

sshpass -p password ssh -N -R 0.0.0.0:2000:192.168.1.1:443 user@1.2.3.4

from the remote-machine.

Things work fine if only one user is forwarded to port 2000.
However, I observe that if a second user logs into the server and provides
the same auth-credentials, a 502-Bad-Gateway error is observed 99% of the
time.

Is this expected?
Does the forwarding over a ssh-reverse-tunnelled-port work reliably only if
one user is forwarded to the port?

I am sorry if I am posting to the wrong list, not sure if this is a
question related to nginx or ssh-reverse-tunnelling in general.
Will be great to hear thoughts/experiences from the experts.


Thanks and Regards,
Ajay
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry for the idiotic question.

Just checked, multiple sockets are created on each side of the ssh-reverse
tunnel.
So, seems the 502-Bad-Gateway error is due to other (network-slowness)
issues.

Sorry again.


Thanks and Regards,
Ajay

On Wed, Apr 12, 2017 at 12:38 PM, Ajay Garg <[email protected]> wrote:

> Hi All.
>
> Let's say, we have a server-block like
>
> ########################################################################
> server {
> listen 2001 ssl;
>
> ssl_certificate /etc/nginx/ssl/nginx.crt;
> ssl_certificate_key /etc/nginx/ssl/nginx.key;
>
> location / {
> auth_basic 'Restricted';
> auth_basic_user_file
> /home/20da689b45c84f2b80bc84d651ed573f/.htpasswd;
>
> if ($remote_user =
> "20da689b45c84f2b80bc84d651ed573f") {
> proxy_pass
> https://127.0.0.1:2000;
> }
>
> }
> }
> ########################################################################
>
>
> and when a user opens the browser window. she authenticates, and is
> appropriately forwarded to port 2000 on the server.
> This port (2000) is in a LISTENING state on the server, created via a
> ssh-reverse-tunnel, through the command
>
> sshpass -p password ssh -N -R 0.0.0.0:2000:192.168.1.1:443
> user@1.2.3.4
>
> from the remote-machine.
>
> Things work fine if only one user is forwarded to port 2000.
> However, I observe that if a second user logs into the server and provides
> the same auth-credentials, a 502-Bad-Gateway error is observed 99% of the
> times.
>
> Is this expected?
> Does the forwarding over a ssh-reverse-tunnelled-port work reliably only
> if one user is forwarded to the port?
>
> I am sorry if I am posting to the wrong list, not sure if this is a
> question related to nginx or ssh-reverse-tunnelling in general.
> Will be great to hear thoughts/experiences from the experts.
>
>
> Thanks and Regards,
> Ajay
>
>


--
Regards,
Ajay
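
One way to repeat the check described in the follow-up message (several sockets open at once through a single listening port), added here as an example and not code from the thread. `start_listener` is a constructed local stand-in for the forwarded port, and `probe_concurrent` and its parameters are hypothetical names; the probe sends no data and only reports whether each connection is still held open.

```python
import socket
import threading

def start_listener(max_clients=None):
    """Constructed stand-in for the forwarded port. Holds accepted connections
    open; if max_clients is set, later connections are closed at once."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
    srv.listen(16)
    held = []                    # keeps accepted sockets alive

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listener was closed
                return
            if max_clients is not None and len(held) >= max_clients:
                conn.close()     # simulates an upstream that drops extra clients
            else:
                held.append(conn)

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def probe_concurrent(host, port, n=4, hold=0.5):
    """Open n TCP connections, keep them all open together, and report for
    each one whether the peer still holds it open after `hold` seconds."""
    socks, results = [], []
    for _ in range(n):
        try:
            socks.append(socket.create_connection((host, port), timeout=3))
        except OSError:
            socks.append(None)
    for s in socks:
        if s is None:
            results.append("connect-failed")
            continue
        s.settimeout(hold)
        try:
            data = s.recv(1)     # b"" means the peer closed the connection
            results.append("closed-by-peer" if data == b"" else "open")
        except socket.timeout:
            results.append("open")            # silent but still connected
        except OSError:
            results.append("closed-by-peer")  # e.g. connection reset
    for s in socks:
        if s is not None:
            s.close()
    return results
```

Run on the nginx host, `probe_concurrent("127.0.0.1", 2000)` applies the same check to the tunnelled port from the post: a result of all `open` means the port accepts several clients at once, while `closed-by-peer` entries point at the tunnel or the device behind it.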