https and nginx as forward proxy

Igor Sysoev is at rambler-co.ru
Tue Oct 20 10:12:56 MSD 2009


On Tue, Oct 20, 2009 at 12:51:02PM +0800, 冉兵 wrote:

> Hi,
> 
> I was experimenting using nginx as forward proxy with the conf as attached. 
> 
> Regular http requests were passed fine. But any https were rejected right away. Firewall was disabled on the proxy server. 
> 
> Here was the trace with curl, where the proxy runs on 192.168.4.217:81 
> 
> -------------------------------------8<-----------------------------------------
> $ curl -v -x 192.168.4.217:81 https://jersey.dev.java.net/
> * About to connect() to proxy 192.168.4.217 port 81 (#0)
> *   Trying 192.168.4.217... connected
> * Connected to 192.168.4.217 (192.168.4.217) port 81 (#0)
> * Establish HTTP proxy tunnel to jersey.dev.java.net:443
> > CONNECT jersey.dev.java.net:443 HTTP/1.0
> > Host: jersey.dev.java.net:443
> > User-Agent: curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3 OpenSSL/0.9.8k zlib/1.2.3 libssh2/0.15-CVS
> > Proxy-Connection: Keep-Alive
> >
> < <html>
> < <head><title>400 Bad Request</title></head>
> < <body bgcolor="white">
> < <center><h1>400 Bad Request</h1></center>
> < <hr><center>nginx/0.8.20</center>
> < </body>
> < </html>
> * Proxy CONNECT aborted
> * Closing connection #0
> curl: (56) Proxy CONNECT aborted
> -------------------------------------8<-----------------------------------------

CONNECT differs from other HTTP methods.

> Here is the conf file. The prebuilt Nginx 0.8.20 runs on Windows 2003.
> -------------------------------------8<-----------------------------------------
> worker_processes  1;
> 
> events {
>     worker_connections  1024;
> }
> 
> 
> http {
>     include       mime.types;
>     sendfile        on;
> 
>     resolver 208.67.220.220;
> 
>     server {
>         listen       81;
>         location / {
>               proxy_pass $scheme://$http_host$request_uri;
>         }
> 
>     }
> 
> }
> -------------------------------------8<-----------------------------------------
> 
> I suspect Nginx has not been designed to be used as a forward proxy. If nginx won't foot the bill, can anyone recommend a free solution please?

Yes, nginx has not been designed as a forward proxy. You should try squid
which was a forward proxy from the very start.


-- 
Igor Sysoev
http://sysoev.ru/en/
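
Added example, not part of the original messages and not nginx or squid code: a sketch of how a forward proxy has to treat the two kinds of request line in this thread, showing that CONNECT carries only host:port and must be tunnelled rather than rewritten into an upstream URL. The function names, the port allow-list and the GET sample are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: tunnels are permitted to the HTTPS port only.
ALLOWED_CONNECT_PORTS = {443}

# Request head taken from the curl trace quoted above.
CONNECT_SAMPLE = (b"CONNECT jersey.dev.java.net:443 HTTP/1.0\r\n"
                  b"Host: jersey.dev.java.net:443\r\n\r\n")
# Constructed sample of an ordinary proxied request (absolute-form target).
GET_SAMPLE = b"GET http://example.com/index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"

def parse_authority(target):
    """Split an authority-form target ('host:port', CONNECT only) into (host, port)."""
    host, sep, port = target.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("target is not host:port: %r" % target)
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]                      # IPv6 literal, e.g. [::1]:443
    elif ":" in host or "/" in host:
        raise ValueError("target is not host:port: %r" % target)
    return host, int(port)

def classify(request_head):
    """Return the action a forward proxy must take for one request head."""
    line = request_head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split(" ")
    if len(parts) != 3:
        return ("reject", "malformed request line")
    method, target, _version = parts
    if method == "CONNECT":
        # No scheme and no path: nothing to rewrite into an upstream URL.
        try:
            host, port = parse_authority(target)
        except ValueError as exc:
            return ("reject", str(exc))
        if port not in ALLOWED_CONNECT_PORTS:
            return ("deny", "CONNECT to port %d is not allowed" % port)
        # The proxy opens TCP to host:port, answers 2xx, then relays raw bytes.
        return ("tunnel", host, port)
    try:
        url = urlsplit(target)
        host, port = url.hostname, url.port or 80
    except ValueError as exc:
        return ("reject", str(exc))
    if url.scheme != "http" or not host:
        return ("reject", "target is not an absolute http:// URI")
    return ("forward", host, port, url.path or "/")

if __name__ == "__main__":
    for sample in (CONNECT_SAMPLE, GET_SAMPLE):
        print(classify(sample))
```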




