Request: upstream via a SOCKS proxy

Tom van der Woerdt info at tvdw.eu
Fri Jan 25 11:37:42 UTC 2013


As far as I know, the tcp proxy module intends to be a reverse proxy for 
any tcp connection, while my SOCKS suggestion would be to support 
forward proxies in proxy_pass, uwsgi_pass, fastcgi_pass, etc.

Tom


Op 1/25/13 4:45 AM, ??? schreef:
> I have no idea about the SOCK4a/SOCK5 protocol. Is it similar with the 
> tcp proxy module? https://github.com/yaoweibin/nginx_tcp_proxy_module
>
> 2013/1/24 Tom van der Woerdt <info at tvdw.eu <mailto:info at tvdw.eu>>
>
>     Hi,
>
>     A project I'm working on has a backend server that, for security
>     reasons, can only be accessed via a SOCKS4a/SOCKS5 proxy. A
>     frontend server for this project (nginx) has one simple task: to
>     proxy all incoming connections to the backend server.
>
>     Right now, nginx cannot do this, because it has no support for
>     proxying upstream connections via a SOCKS proxy. The current
>     temporary workaround is to run another service on the frontend
>     machine that acts like a HTTP server but proxies the data to the
>     backend - basically everything I'd like nginx to do. I cannot use
>     this service as my main frontend, because there are a few other
>     files that also need to be served.
>
>     SOCKS4a and SOCKS5 are really easy protocols and are basically
>     just sockets but with an alternate handshake (skip the DNS lookup,
>     send the hostname to the socket instead). Since they should be so
>     easy to implement, I'm requesting that on this mailing list.
>
>     I was thinking of a config file that would look something like this :
>
>         upstream backend {
>             server hidden_dns.local socks4=127.0.0.1:1234
>     <http://127.0.0.1:1234>;
>         }
>
>         server {
>             location / {
>                 proxy_pass http://backend;
>             }
>         }
>
>     As far as I'm aware, this feature wouldn't break anything, since a
>     SOCKS connections behaves just like any other normal socket.
>
>     Thanks for considering,
>     Tom van der Woerdt
>
>
>     _______________________________________________
>     nginx-devel mailing list
>     nginx-devel at nginx.org <mailto:nginx-devel at nginx.org>
>     http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
>
>
>
> -- 
> Weibin Yao
> Developer @ Server Platform Team of Taobao
>
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20130125/52d96932/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3729 bytes
Desc: S/MIME-cryptografische ondertekening
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20130125/52d96932/attachment-0001.bin>


More information about the nginx-devel mailing list