search

kalaksi / docker-tinyproxy

Docker container for Tinyproxy
MIT License
65 stars 24 forks source link

Deploying to render.com not tunneling correctly #12

Closed luisorbaiceta closed 7 months ago

luisorbaiceta commented 9 months ago

I have deployed to render.com just providing the docker registry url and adding de ALLOWED_NETWORKS environment variable but tinyproxy is not working as expected.

By default Render detects the exposed port (8888).

Problem seems to be that Render automatically redirects requests to a secure connection (443) which routes to the desired port. This results in a curl: (56) CONNECT tunnel failed, response 400

Am I missing something with the configuration? Has anyone tried this in some service before and got it working? A guide on how to deploy to a hosting service would be awesome and if I solve this I'm willing to take the lead on that.

To reproduce

  1. Create a render.com account (is free and there is no need to provide payment method)
  2. Create a New Web Service
  3. Deploy an existing image from registry
  4. Provide the registry url: docker.io/kalaksi/tinyproxy
  5. Add ALLOWED_NETWORKS env variable
  6. curl -x https://app-name.onrender.com https://google.com

Error

curl -v -x https://my-app-name.com https://google.com
*   Trying XXX.XX.XX.X:443...
* Connected to my-app-name.onrender.com (XXX.XX.XX.X) port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/8.4.0
> Proxy-Connection: Keep-Alive
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
< HTTP/1.1 400 Bad Request
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
< Server: cloudflare
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
< Date: Thu, 28 Dec 2023 17:27:50 GMT
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
< Content-Type: text/html
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
< Content-Length: 155
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
< Connection: close
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
< CF-RAY: -
* schannel: enough decrypted data is already available
* schannel: enough decrypted data is already available
<
* CONNECT tunnel failed, response 400
* Closing connection
* schannel: shutting down SSL/TLS connection with my-app-name.com port 443
curl: (56) CONNECT tunnel failed, response 400
luisorbaiceta commented 9 months ago

Even if I set the ConnectPort to 0 I keep getting the same error

kalaksi commented 9 months ago

I have no idea how to handle that situation, sorry. I did find a lot of useful information here: https://github.com/tinyproxy/tinyproxy/issues/388. It seems tinyproxy doesn't support listening using HTTPS and you'd need something like stunnel in front of it as suggested. Makes sense as there isn't any configuration options for HTTPS server certificate in tinyproxy either.

If you manage to get something to work, I'll gladly include the relevant changes.

kalaksi commented 9 months ago

It would probably be simpler if render.com would allow controlling the redirection behavior though.

luisorbaiceta commented 9 months ago

Message received from the render.com team

Hi,

Proxies are against our Acceptable Use Policy.

Kind regards