Transmission remote GUI proxy_protocol broken header

adrhc nginx-forum at
Thu Sep 22 09:54:35 UTC 2016

Hi, here's some clarifications:

What is the thing writing to nginx? (stunnel, I think)
stunnel according to the setup:
Transmission remote GUI:443 -> sshttp:443 -> stunnel:1443 ->
nginx: (no ssl, with listen ... proxy_protocol,
port_in_redirect on)

How is it configured?
accept =
connect =
protocol = proxy
sni =
connect =
renegotiation = no
debug = 5
cert = /home/adr/apps/etc/nginx/certs/
key = /home/adr/apps/etc/nginx/certs/
[tls to any http]
sni = tls:*
# using nginx proxy_protocol (is http though using 443!):
connect =
protocol = proxy

What version of proxy_protocol is stunnel writing?
it's the one from nginx 1.11.3 ...

Is "transmission" something other than a https client? - it's this:
transmission-daemon, 2.84-3ubuntu3, amd64, lightweight BitTorrent client
with this configuration in nginx:
location /transmission/ {
	proxy_redirect	/;
	proxy_set_header		Host;
	proxy_set_header		X-Real-IP				$remote_addr;
	proxy_set_header		X-Forwarded-For			$proxy_add_x_forwarded_for;
	client_max_body_size	10M;
	proxy_connect_timeout	120;
	proxy_read_timeout		300;

If it is trying to speak something other than http wrapped in tls,
it is unlikely that nginx will be able to process the requests.
I gues it tries not because it's working fine with but when stunnel is not involved e.g.:
Transmission remote GUI:443 -> sshttp:443 -> nginx: (with ssl,
without listen ... proxy_protocol, port_in_redirect off)

Posted at Nginx Forum:,269662,269744#msg-269744

More information about the nginx mailing list