Opened 6 months ago

Closed 6 months ago

#2173 closed task (invalid)

Nginx simple proxy set-up returns 400 (Bad Request)

Reported by: Aniruddha Gore Owned by:
Priority: minor Milestone:
Component: other Version:
Keywords: Cc:
uname -a: N/A
nginx -V: nginx version: nginx/1.20.0
built by cl 16.00.40219.01 for 80x86
built with OpenSSL 1.1.1k 25 Mar 2021
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msvc8/lib/pcre-8.44 --with-zlib=objs.msvc8/lib/zlib-1.2.11 --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-openssl=objs.msvc8/lib/openssl-1.1.1k --with-openssl-opt='no-asm no-tests -D_WIN32_WINNT=0x0501' --with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module

Description

Context:
I have my client application running on a machine (A) that does not have internet connectivity. It, however, can connect to another machine (B) that has full network connectivity. I intend to set-up nginx as a simple proxy on B such that the client app on A can make HTTPS requests by setting web proxy on them (B's ip address and port).

Problem:
All requests fail with 400 with following in error.log:
*1 client sent invalid request while reading client request line, client: ###.###.#.##, server: , request: "CONNECT my.service.url.com:443 HTTP/1.1"

Config:
This is how nginx.config looks like:

worker_processes 1;
error_log logs/error.log info;
events {

worker_connections 1024;

}
http {

include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {

listen 8080;
location / {

proxy_pass https://my.service.url.com:443;

}

}

}

Questions:
I am not sure why requests keep failing. I am new to the world of proxy so any help in the right direction is really appreciated. I suspect this is happening because I did not understand the config correctly, or, something to do with the calls being HTTPS.

Change History (1)

comment:1 by Maxim Dounin, 6 months ago

Resolution: invalid
Status: newclosed

It looks like you've configured machine A to use nginx on machine B as a forward proxy. So attempts to connect to HTTPS sites will try to establish an opaque tunnel using the CONNECT method.

This is not how nginx is expected to be used though: it is an HTTP server and a reverse proxy, but not a forward proxy. And it does not support the CONNECT method, as it is only used on forward proxies.

If you want to use nginx, consider configuring it as reverse proxy instead: that is, on machine A point appropriate domain names to machine B and configure nginx to answer these names, reverse proxying them as appropriate. Alternatively, consider installing a proper forward proxy, such as Squid.

If you need further help with configuring nginx, consider support options available.

Note: See TracTickets for help on using tickets.