From: Mick
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: [OT] Proxytunnel through nginx
Date: Wed, 22 Feb 2012 07:14:25 +0000

On Sunday 19 Feb 2012 18:15:46 Mick wrote:
> Hi All,
>
> I am trying to set up a reverse-proxy at my home to be able to by-pass
> restrictive firewalls that only allow http/https traffic.
>
> So I configured nginx as a reverse-proxy to send connections to the sshd at
> the home server. However, I fail to establish a connection. The
> connection attempt errors out with:
>
> $ ssh root@192.168.1.5
> SSL enabled
> Connected to XXX.XX.XXX.XX:443 (local proxy)
>
> Tunneling to 192.168.1.5:22 (destination)
> Communication with local proxy:
> -> CONNECT 192.168.1.5:22 HTTP/1.0
> -> Proxy-Connection: Keep-Alive
> analyze_HTTP: readline failed: Connection closed by remote host
> ssh_exchange_identification: Connection closed by remote host
>
> where XXX is the public IP address of my server.
>
> the proxy tunnel command is as follows:
>
> /usr/bin/proxytunnel -v -e -p XXX.XX.XXX.XX:443 -R user:'secretpasswd' -d
> 192.168.1.5:22
>
> The relevant nginx entries are as follows:
> ================================
> upstream tunnel {
>     server 127.0.0.1:22;
> }
>
> server {
>     listen 443;
>     server_name localhost;
>
>     ssl on;
>     ssl_certificate certs/cert.pem;
>     ssl_certificate_key certs/cert.key;
>     ssl_session_timeout 5m;
>     keepalive_timeout 70;
>
>     location / {
>         auth_basic "Restricted";
>         auth_basic_user_file .htpasswd_slug;
>         # proxy_pass http://tunnel;
>         proxy_pass http://127.0.0.1;
>         proxy_buffering off;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_redirect off;
>     }
> }
> ================================
>
>
> The nginx error logs don't show anything, so I'm thinking there's something
> that the sshd does not like, but even when I increase the debug level in
> the sshd_config nothing shows up. This means that the remote client never
> reaches as far as the sshd server (nginx and sshd are both running on the
> same host).
>
> Any idea what causes this problem?

Could it be that the sshd does not like http/1.0 connections?

> Tunneling to 192.168.1.5:22 (destination)
> Communication with local proxy:
> -> CONNECT 192.168.1.5:22 HTTP/1.0

Is it possible to configure a proxy connection from nginx without the http
headers?

-- 
Regards,
Mick