Connect to NGINX reverse proxy through proxy

Posted by Ajay Sonawane 
Ajay Sonawane
Connect to NGINX reverse proxy through proxy
May 07, 2018 07:20AM
I am using NGINX as a HTTPS reverse proxy and load balancer. My clients are able to connect to reverse proxy using SSL and reverse proxy is able to terminate SSL connection and establish a new connection with backend server, data exchange is also happening.


Now I am trying to set up a proxy between a client and NGINX. I am using SQUID proxy in between. I have enabled proxy protocol on nginx using

listen 443 ssl proxy_protocol;

proxy_protocol on;

Still my client is not able to connect to NGINX through proxy. Is there anything else I need to do?


Ajay
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Roman Arutyunyan
Re: Connect to NGINX reverse proxy through proxy
May 07, 2018 12:30PM
Hello,

On Mon, May 07, 2018 at 05:15:34AM +0000, Ajay Sonawane wrote:
> I am using NGINX as a HTTPS reverse proxy and load balancer. My clients are able to connect to reverse proxy using SSL and reverse proxy is able to terminate SSL connection and establish a new connection with backend server, data exchange is also happening.
>
>
> Now I am trying to setup a proxy between a client and NGINX. I am using SQUID proxy in between. I have enabled proxy protocol on nginx using
>
>
> listen 443 ssl proxy_protocol;

This line instructs nginx to expect PROXY protocol header from SQUID.
Are you sure SQUID sends it? It looks like SQUID didn't support sending PROXY
protocol header up until recently.

> proxy_protocol on;
>
>
>
>
> Still my client is not able to connect to NGINX through proxy. Is there anything else I need to do.

For details it's better to look into error.log.

--
Roman Arutyunyan
>>For details it's better to look into error.log.

Error log says "Broker header [some garbage chars] while reading PROXY protocol, client: IPADDRESS, server:0.0.0.8443
Roman Arutyunyan
Re: [EXT] Re: Connect to NGINX reverse proxy through proxy
May 07, 2018 01:00PM
On Mon, May 07, 2018 at 10:37:08AM +0000, Ajay Sonawane wrote:
> >>For details it's better to look into error.log.
>
> Error log says "Broker header [some garbage chars] while reading PROXY protocol, client: IPADDRESS, server:0.0.0.8443

This means the client (SQUID in your case) does not send the PROXY protocol
header. Remove the "proxy_protocol" parameter from "listen" to fix this.


--
Roman Arutyunyan
Removing 'proxy_protocol' parameter fixed the problem. Thanks a lot.
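
The diagnosis in this thread can be reproduced offline. The Python sketch below is an added example, not code from the thread or from nginx; the function names, the simplified accept/reject model and the sample bytes are assumptions made for illustration. It checks whether the first bytes of a connection are a PROXY protocol v1 or v2 header and shows how a listener that expects one treats a bare TLS handshake, and the reverse.

```python
import ipaddress

V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 magic

def parse_proxy_v1(data: bytes):
    """Return the addresses from a PROXY v1 line, or None if data has none."""
    end = data.find(b"\r\n")
    if not data.startswith(b"PROXY ") or end == -1 or end > 105:
        return None  # a v1 header is at most 107 bytes including CRLF
    parts = data[:end].decode("ascii", "replace").split(" ")
    if parts[1] == "UNKNOWN":
        return {"family": "UNKNOWN"}
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        return None
    try:
        src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
        sport, dport = int(parts[4]), int(parts[5])
    except ValueError:
        return None
    want = 4 if parts[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        return None
    if not (0 <= sport < 65536 and 0 <= dport < 65536):
        return None
    return {"family": parts[1], "src": (str(src), sport), "dst": (str(dst), dport)}

def classify(data: bytes) -> str:
    """Name what the first bytes of a new connection look like."""
    if data.startswith(V2_SIGNATURE):
        return "proxy-v2"
    if parse_proxy_v1(data) is not None:
        return "proxy-v1"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    return "other"

def listener_outcome(data: bytes, expects_proxy: bool) -> str:
    """Simplified model of a TLS listener with or without proxy_protocol."""
    kind = classify(data)
    if expects_proxy:  # header must come before anything else, TLS included
        return "accept" if kind.startswith("proxy-") else f"broken header ({kind})"
    return "accept" if kind == "tls-handshake" else f"not TLS ({kind})"

# Constructed sample inputs (documentation addresses, truncated TLS record).
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xFC])
SAMPLE_V1 = b"PROXY TCP4 192.0.2.10 198.51.100.5 56324 443\r\n" + SAMPLE_TLS

if __name__ == "__main__":
    for name, data in (("TLS only", SAMPLE_TLS), ("PROXY v1 + TLS", SAMPLE_V1)):
        for expects in (True, False):
            print(f"{name:15} proxy_protocol={expects!s:5} -> {listener_outcome(data, expects)}")
```

When the header is accepted, the client address is whatever the peer wrote into it, so the "proxy_protocol" parameter belongs only on listeners reachable solely by proxies that actually send the header.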


