On Sunday 19 Feb 2012 18:15:46 Mick wrote:
> Hi All,
> 
> I am trying to set up a reverse-proxy at my home to be able to by-pass
> restrictive firewalls that only allow http/https traffic.
> 
> So I configured nginx as a reverse-proxy to send connections to the sshd at
> the home server.  However, I fail to establish a connection.  The
> connection attempt errors out with:
> 
> $ ssh root@192.168.1.5
> SSL enabled
> Connected to XXX.XX.XXX.XX:443 (local proxy)
> 
> Tunneling to 192.168.1.5:22 (destination)
> Communication with local proxy:
>  -> CONNECT 192.168.1.5:22 HTTP/1.0
>  -> Proxy-Connection: Keep-Alive
> analyze_HTTP: readline failed: Connection closed by remote host
> ssh_exchange_identification: Connection closed by remote host
> 
> where XXX is the public IP address of my server.
> 
> the proxy tunnel command is as follows:
> 
>  /usr/bin/proxytunnel -v -e -p XXX.XX.XXX.XX:443 -R user:'secretpasswd' -d
> 192.168.1.5:22
> 
> The relevant nginx entries are as follows:
> ================================
>     upstream tunnel {
>         server 127.0.0.1:22;
>         }
> 
>     server {
>         listen       443;
>         server_name  localhost;
> 
>         ssl                  on;
>         ssl_certificate      certs/cert.pem;
>         ssl_certificate_key  certs/cert.key;
>         ssl_session_timeout  5m;
>         keepalive_timeout       70;
> 
>         location /  {
>                 auth_basic      "Restricted";
>                 auth_basic_user_file    .htpasswd_slug;
> #               proxy_pass http://tunnel;
>                 proxy_pass http://127.0.0.1;
>                 proxy_buffering off;
>                 proxy_set_header Host $host;
>                 proxy_set_header X-Real-IP $remote_addr;
>                 proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for; proxy_redirect off;
>         }
> }
> ================================
> 
> 
> The nginx error logs don't show anything, so I'm thinking there's something
> that the sshd does not like, but even when I increase the debug level in
> the sshd_config nothing shows up.  This means that the remote client never
> reaches as far as the sshd server (nginx and sshd are both running on the
> same host).
> 
> Any idea what causes this problem?

Could it be that the ssd does not like http/1.0 connections?

> Tunneling to 192.168.1.5:22 (destination)
> Communication with local proxy:
>  -> CONNECT 192.168.1.5:22 HTTP/1.0

Is it possible to configure a proxy connection from nginx without the http 
headers?
-- 
Regards,
Mick