Closed UsamaMehboob closed 1 year ago
cc @chobits, can you please let me know if there is anything obviously wrong in my setup? Thanks.
Hi,
If you run the command curl https://www.google.com, the client curl will send the normal HTTPS protocol to client, which means the client first sends an SSL handshake to establish an SSL connection and then sends a normal encrypted HTTP request over the SSL connection. In that case, this module (proxy_connect) will not handle the HTTPS request, because it only handles CONNECT requests and then proxies the data over the CONNECT tunnel. However, curl -x will send a CONNECT request to establish a CONNECT tunnel and then send data over the tunnel.
The error you got is because your nginx server is not running the SSL protocol, so the curl client reports an unknown protocol error. BTW, even if your nginx has been configured as an SSL server, the client might still get an SSL handshake error, because the curl client would check the SSL cert of www.google.com. If you don't have the SSL private key of the Google SSL server configured in your nginx server, the SSL traffic from the client cannot be parsed or handled (the SSL connection cannot be established in the SSL handshake phase). The SSL protocol is designed to protect the encrypted data.
BTW, if you use a CONNECT tunnel, the proxy_connect module can proxy data between your client and the Google server. But it cannot parse the encrypted data over the tunnel because of the SSL encryption protocol.
Only CONNECT tunnel data will be handled by the proxy_connect module; other normal SSL HTTP or HTTP requests will be handled by the nginx server itself.
Enabling your web browser's HTTPS proxy setting or using the curl -x command can establish a CONNECT tunnel.
Closing it. If you still have this issue, feel free to reopen.
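An added illustration (not code from this thread or from the proxy_connect module) of the difference explained above: it classifies the first bytes a proxy port receives as either a CONNECT request or a raw TLS ClientHello, which is what arrives when port 443 traffic is redirected to the proxy port. The names `classify_first_bytes`, `handler` and `SAMPLES` are hypothetical, and the sample bytes are constructed rather than captured.

```python
import struct

# Constructed samples of the first bytes a proxy port receives (not captured traffic).
SAMPLES = {
    "curl -x proxy:3128 https://...": b"CONNECT www.google.com:443 HTTP/1.1\r\n"
                                      b"Host: www.google.com:443\r\n\r\n",
    "curl https://... after REDIRECT": bytes.fromhex("1603010200010001fc0303") + bytes(32),
    "curl http://... via proxy": b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n",
}

def classify_first_bytes(data):
    """Return (kind, detail) for the first bytes of an accepted connection."""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # 2-byte record length; byte 5 is the handshake type (0x01 = ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        (record_len,) = struct.unpack("!H", data[3:5])
        kind = "tls_client_hello" if data[5] == 0x01 else "tls_handshake"
        return kind, record_len
    # HTTP request line: METHOD SP target SP HTTP/x.y CRLF
    line, crlf, _ = data.partition(b"\r\n")
    parts = line.split(b" ")
    if crlf and len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        method = parts[0].decode("ascii", "replace")
        target = parts[1].decode("ascii", "replace")
        if method != "CONNECT":
            return "http_request", target
        # CONNECT carries the tunnel destination in cleartext as host:port.
        host, _, port = target.rpartition(":")
        if host and port.isdigit():
            return "http_connect", (host, int(port))
        return "malformed_connect", target
    return "unknown", None

def handler(kind):
    """Who deals with the connection, following the explanation in the thread."""
    if kind == "http_connect":
        return "proxy_connect tunnel"
    return "nginx server itself"

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        kind, detail = classify_first_bytes(data)
        print(f"{label:34} {kind:18} {detail!r:30} -> {handler(kind)}")
```
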
Hi, so I have nginx running with this module with an ip address 172.24.27.204 and I can send my traffic from client by explicitly giving proxy info. But when I tried to enable transparent config, I am getting an error.
For working explicit proxy config:
from my client, I can send the request
curl https://www.google.com -x 172.24.27.204:3128
and I get an HTTP 200 response. However, I want to send my packets transparently, so I applied this config
I have also enabled this iptables rule:
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3128
My packets are reaching the nginx node, but on the client side I see this error
Any help would be appreciated. Been struggling with this all day. Thanks in advance.