Request: upstream via a SOCKS proxy

Tom van der Woerdt info at tvdw.eu
Fri Jan 25 12:13:43 UTC 2013


Yes, I currently use a proxy like that, but it feels like a performance 
killer to do it like that. If implemented in nginx it could be so much 
faster.

About SOCKS implementations: as long as authentication isn't required, 
the handshake is really, really easy, especially version 4. The lack of 
a framing protocol makes it behave like any normal socket once the 
handshake is done.

Tom


Op 1/25/13 12:57 PM, Aleksandar Lazic schreef:
> Hi,
>
> There are some http2socks proxy out there.
>
> http://www.privoxy.org/
> http://www.privoxy.org/user-manual/config.html#SOCKS
>
> http://www.delegate.org/delegate/
> http://www.delegate.org/delegate/Manual.htm#SOCKS
>
> http://en.wikipedia.org/wiki/SOCKS#Translating_proxies
>
> The setup coul looks like
>
> client -> nginx  -> http-proxylistener -> socks-proxyrequester -> 
> socks-server
>
> OT: Sock5 is not so easy if you want to implement the full protocol, 
> imho.
>
> I Agree with you that this would be a nice upsteam module, even that I 
> don't
> need it at the moment.
>
> Cheers
> Aleks
> Am 23-01-2013 17:05, schrieb Tom van der Woerdt:
>> Hi,
>>
>> A project I'm working on has a backend server that, for security
>> reasons, can only be accessed via a SOCKS4a/SOCKS5 proxy. A frontend
>> server for this project (nginx) has one simple task: to proxy all
>> incoming connections to the backend server.
>>
>> Right now, nginx cannot do this, because it has no support for
>> proxying upstream connections via a SOCKS proxy. The current temporary
>> workaround is to run another service on the frontend machine that acts
>> like a HTTP server but proxies the data to the backend - basically
>> everything I'd like nginx to do. I cannot use this service as my main
>> frontend, because there are a few other files that also need to be
>> served.
>>
>> SOCKS4a and SOCKS5 are really easy protocols and are basically just
>> sockets but with an alternate handshake (skip the DNS lookup, send the
>> hostname to the socket instead). Since they should be so easy to
>> implement, I'm requesting that on this mailing list.
>>
>> I was thinking of a config file that would look something like this :
>>
>>     upstream backend {
>>         server hidden_dns.local socks4=127.0.0.1:1234;
>>     }
>>
>>     server {
>>         location / {
>>             proxy_pass http://backend;
>>         }
>>     }
>>
>> As far as I'm aware, this feature wouldn't break anything, since a
>> SOCKS connections behaves just like any other normal socket.
>>
>> Thanks for considering,
>> Tom van der Woerdt
>>
>>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3729 bytes
Desc: S/MIME-cryptografische ondertekening
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20130125/95074e20/attachment.bin>


More information about the nginx-devel mailing list