Transmission remote GUI proxy_protocol broken header
adrhc
nginx-forum at forum.nginx.org
Thu Sep 22 09:54:35 UTC 2016
Hi, here's some clarifications:
What is the thing writing to nginx? (stunnel, I think)
stunnel according to the setup:
Transmission remote GUI:443 -> sshttp:443 -> stunnel:1443 ->
nginx:127.0.0.1:443 (no ssl, with listen ... proxy_protocol,
port_in_redirect on)
How is it configured?
[tls]
accept = 192.168.1.31:1443
connect = 127.0.0.1:1081
protocol = proxy
[ssh]
sni = tls:tti.go.ro
connect = 127.0.0.1:22
renegotiation = no
debug = 5
cert = /home/adr/apps/etc/nginx/certs/adrhc.go.ro-server-pub.pem
key = /home/adr/apps/etc/nginx/certs/adrhc.go.ro-server-priv-no-pwd.pem
[tls to any http]
sni = tls:*
# using nginx proxy_protocol (is http though using 443!):
connect = 127.0.0.1:443
protocol = proxy
What version of proxy_protocol is stunnel writing?
it's the one from nginx 1.11.3 ...
Is "transmission" something other than a https client? - it's this:
transmission-daemon, 2.84-3ubuntu3, amd64, lightweight BitTorrent client
(daemon)
with this configuration in nginx:
# http://127.0.0.1:9091/transmission/web/
location /transmission/ {
proxy_pass http://127.0.0.1:9091/transmission/;
proxy_redirect http://127.0.0.1:9091/ /;
proxy_cookie_domain 127.0.0.1:9091 adrhc.go.ro;
proxy_set_header Host 127.0.0.1:9091;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
proxy_connect_timeout 120;
proxy_read_timeout 300;
}
If it is trying to speak something other than http wrapped in tls,
it is unlikely that nginx will be able to process the requests.
I gues it tries not because it's working fine with
https://adrhc.go.ro/transmission/ but when stunnel is not involved e.g.:
Transmission remote GUI:443 -> sshttp:443 -> nginx:127.0.0.1:1443 (with ssl,
without listen ... proxy_protocol, port_in_redirect off)
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269662,269744#msg-269744
More information about the nginx
mailing list