search

dannote / socks-nginx-module

An nginx_http_proxy_module fork with SOCKS5 support
196 stars 65 forks source link

If proxy server is refusing connections or proxied site is down then nginx is crashing #10

Open ghost opened 7 years ago

ghost commented 7 years ago

what i was doing is , i was using socks-nginx-module to connect to TOR network which was listening on 127.0.0.1:9050 and then using Host header to request .onion site , i.e. i was doing reverse proxy to .onion website over TOR network using nginx and socks-nginx-module + TOR .

but if the .onion site is dead or the proxy stops i.e. TOR stops workiong then somehow nginx is crashing, my other sites were throwing 502 too.

here is the log

[root@testing deploy]# cat /usr/local/nginx/logs/error.log 2017/01/01 21:57:54 [error] 20552#0: 397411 connect() failed (111: Connection refused) while connecting to upstream, client: 173.245.50.159, server: example.com, request: "GET /df80f81238e3a2fee528100ea777ff4a4b99ba03 HTTP/1.1", upstream: "socks5://127.0.0.1:9050/df80f81238e3a2fee528100ea777ff4a4b99ba03", host: "example.com" 2017/01/01 21:57:55 [alert] 20127#0: worker process 20552 exited on signal 11 2017/01/01 21:57:56 [error] 20550#0: 397433 connect() failed (111: Connection refused) while connecting to upstream, client: 108.162.229.151, server: example.com, request: "GET /4dda81d88c3ceddbcf08a5a6202a680a1eb50722 HTTP/1.1", upstream: "socks5://127.0.0.1:9050/4dda81d88c3ceddbcf08a5a6202a680a1eb50722", host: "example.com" 2017/01/01 21:57:57 [alert] 20127#0: worker process 20550 exited on signal 11 2017/01/01 21:59:47 [error] 20555#0: 398595 connect() failed (111: Connection refused) while connecting to upstream, client: 141.101.69.36, server: example.com, request: "GET /search?f=everyday HTTP/1.1", upstream: "socks5://127.0.0.1:9050/search?f=everyday", host: "example.com" 2017/01/01 21:59:47 [alert] 20127#0: worker process 20555 exited on signal 11 2017/01/01 21:59:47 [error] 20557#0: 398607 connect() failed (111: Connection refused) while connecting to upstream, client: 141.101.69.108, server: example.com, request: "GET /search?f=Imax%20english HTTP/1.1", upstream: "socks5://127.0.0.1:9050/search?f=Imax%20english", host: "example.com" 2017/01/01 21:59:48 [alert] 20127#0: worker process 20557 exited on signal 11 2017/01/01 21:59:48 [error] 20560#0: 398614 connect() failed (111: Connection refused) while connecting to upstream, client: 141.101.69.216, server: example.com, request: "GET /f693e6303e797afc3dce48a31c46575c5a9ce57a HTTP/1.1", upstream: "socks5://127.0.0.1:9050/f693e6303e797afc3dce48a31c46575c5a9ce57a", host: "example.com" 2017/01/01 21:59:48 [alert] 20127#0: worker process 20560 exited on signal 11 2017/01/01 21:59:49 [error] 20551#0: 398622 connect() failed (111: Connection refused) while connecting to upstream, client: 141.101.69.36, server: example.com, request: "GET /search?f=mon HTTP/1.1", upstream: "socks5://127.0.0.1:9050/search?f=mon", host: "example.com" 2017/01/01 21:59:49 [error] 20561#0: 398624 connect() failed (111: Connection refused) while connecting to upstream, client: 173.245.50.159, server: example.com, request: "GET /f7b11081fcd6e72d4cc5a9aa43bcbd336ede22d6 HTTP/1.1", upstream: "socks5://127.0.0.1:9050/f7b11081fcd6e72d4cc5a9aa43bcbd336ede22d6", host: "example.com" 2017/01/01 21:59:49 [alert] 20127#0: worker process 20561 exited on signal 11 2017/01/01 21:59:50 [alert] 20127#0: worker process 20551 exited on signal 11 2017/01/01 21:59:55 [error] 20563#0: 398680 connect() failed (111: Connection refused) while connecting to upstream, client: 162.158.69.6, server: example.com, request: "GET /0b1cb8ea4a2aa41cca07b5a87d026f6d4d5c67f5 HTTP/1.1", upstream: "socks5://127.0.0.1:9050/0b1cb8ea4a2aa41cca07b5a87d026f6d4d5c67f5", host: "example.com" 2017/01/01 21:59:55 [alert] 20127#0: worker process 20563 exited on signal 11 2017/01/01 21:59:58 [error] 20565#0: 398719 connect() failed (111: Connection refused) while connecting to upstream, client: 108.162.229.199, server: example.com, request: "GET /search?f=10,5%20big HTTP/1.1", upstream: "socks5://127.0.0.1:9050/search?f=10,5%20big", host: "example.com" 2017/01/01 21:59:59 [alert] 20127#0: worker process 20565 exited on signal 11 2017/01/01 21:59:59 [error] 20553#0: 398728 connect() failed (111: Connection refused) while connecting to upstream, client: 108.162.221.55, server: example.com, request: "GET /a241b8d8a9f2b8d1ba0bba3338412ef7a6da0974 HTTP/1.1", upstream: "socks5://127.0.0.1:9050/a241b8d8a9f2b8d1ba0bba3338412ef7a6da0974", host: "example.com" 2017/01/01 21:59:59 [error] 20567#0: *398730 connect() failed (111: Connection refused) while connecting to upstream, client: 173.245.50.189, server: example.com, request: "GET /b0890b3e953ee03e59f0a150efe57d97831b81bb HTTP/1.1", upstream: "socks5://127.0.0.1:9050/b0890b3e953ee03e59f0a150efe57d97831b81bb", host: "example.com"

thanks.

dannote commented 7 years ago

Can I see your current configuration?

ghost commented 7 years ago

server { access_log /dev/null; listen my.ip.add.ress:80; server_name example.com;

location / {
    proxy_bind my.ip.add.ress;
    socks_pass socks5://127.0.0.1:9050;
    socks_set_host example.onion;
    socks_set_header Host example.onion; 

    socks_buffers 16 16k; 
    socks_buffer_size 32k;

    #hide headers 
    proxy_hide_header X-Powered-By;
    proxy_hide_header X-powered-by;

    #ignore headers
    proxy_ignore_headers X-Accel-Expires;

    #set our headers
    proxy_set_header Accept-Encoding "";
    proxy_set_header CF-Connecting-IP "";
    proxy_ssl_verify off;
    proxy_ssl_server_name on;
}

}

dannote commented 7 years ago

Well, mixing proxy_* and socks_* directives definitely won't work. You should use socks_* ones instead in this case.

ghost commented 7 years ago

you mean, i can use like this way

socks_bind my.ip.add.ress; socks_hide_header X-Powered-By;

socks_ignore_headers X-Accel-Expires;

socks_set_header Accept-Encoding ""; socks_set_header CF-Connecting-IP ""; socks_ssl_verify off; socks_ssl_server_name on;

thanks

ghost commented 7 years ago

update: i tried like above config. and still nginx was crashing, .onion website is down. thanks.

dannote commented 7 years ago

I see. Thank you for your report! I'll debug it as soon as I get some free time.

dannote commented 6 years ago

For those who is wondering whether is this project alive or not, a new release is coming soon!

gits7r commented 4 years ago

For those who is wondering whether is this project alive or not, a new release is coming soon!

anything yet? This module is really useful with today's internet architecture (CDN, multiple backend instances for high profile web services, etc.). Hope it will get more attention. I have just started using nginx these days specially for this module.