ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect
thomas at glanzmann.de
Thu Dec 15 16:22:00 UTC 2016
> How can someone debug ngx_stream_ssl_preread_module?
Put the following line in the stream section:
error_log /var/log/nginx/sni_error.log debug;
Once done I found out that
2016/12/15 17:09:00 [error] 21043#0: *7426 recv() failed (104: Connection reset by peer) while proxying connection, client: 184.108.40.206, server: 220.127.116.11:443, upstream: "18.104.22.168:4443", bytes from/to client:0/0, bytes from/to upstream:0/316
And in my syslog I found out:
daemon:Dec 15 17:09:00 infra ocserv: worker: worker-proxyproto.c:156: proxy-hdr: invalid v2 header
daemon:Dec 15 17:09:00 infra ocserv: worker: worker-vpn.c:560: could not parse proxy protocol header; discarding connection
daemon:Dec 15 17:09:00 infra ocserv: main: 22.214.171.124:55976 user disconnected (reason: unspecified, rx: 0, tx: 0)
So it seems that the problem is that ocserv can't parse the nginx proxy protocol
header. I'll dig deeper and report back once a solution is found.
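
The ocserv log above rejects what it received as an "invalid v2 header". As an added example (not part of the original post, and not nginx or ocserv code), the function below reports whether a byte stream opens with a PROXY protocol v1 text line or a v2 binary header, following the HAProxy PROXY protocol specification. The names `classify_proxy_header`, `SAMPLE_V1` and `SAMPLE_V2` are hypothetical, and the sample bytes are constructed with documentation addresses.

```python
import ipaddress
import struct

V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte magic opening every v2 header
V2_COMMANDS = {0: "LOCAL", 1: "PROXY"}

def classify_proxy_header(data: bytes) -> dict:
    """Report which PROXY protocol version (if any) starts this byte stream."""
    if data.startswith(V2_SIGNATURE):
        if len(data) < 16:
            return {"version": 2, "error": "truncated v2 header"}
        ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
        if ver_cmd >> 4 != 2:
            return {"version": None, "error": "v2 signature, wrong version nibble"}
        info = {"version": 2, "header_len": 16 + length,
                "command": V2_COMMANDS.get(ver_cmd & 0x0F, "invalid")}
        if fam_proto == 0x11 and length >= 12 and len(data) >= 28:  # TCP over IPv4
            src, dst, sport, dport = struct.unpack("!4s4sHH", data[16:28])
            info["src"] = f"{ipaddress.IPv4Address(src)}:{sport}"
            info["dst"] = f"{ipaddress.IPv4Address(dst)}:{dport}"
        return info
    if data.startswith(b"PROXY "):
        end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
        if end == -1:
            return {"version": 1, "error": "no CRLF within 107 bytes"}
        fields = data[6:end].decode("ascii", "replace").split(" ")
        info = {"version": 1, "header_len": end + 2, "proto": fields[0]}
        if fields[0] in ("TCP4", "TCP6") and len(fields) == 5:
            info["src"] = f"{fields[1]}:{fields[3]}"
            info["dst"] = f"{fields[2]}:{fields[4]}"
        return info
    kind = "TLS record" if data[:1] == b"\x16" else "unknown data"
    return {"version": None, "error": f"no PROXY header, stream starts with {kind}"}

# Constructed samples (documentation addresses), each followed by the start of a TLS record.
TLS_START = b"\x16\x03\x01"
SAMPLE_V1 = b"PROXY TCP4 192.0.2.10 198.51.100.5 55976 443\r\n" + TLS_START
SAMPLE_V2 = (V2_SIGNATURE + b"\x21\x11\x00\x0c"
             + ipaddress.IPv4Address("192.0.2.10").packed
             + ipaddress.IPv4Address("198.51.100.5").packed
             + struct.pack("!HH", 55976, 443) + TLS_START)

if __name__ == "__main__":
    for name, sample in (("v1", SAMPLE_V1), ("v2", SAMPLE_V2), ("none", TLS_START)):
        print(name, classify_proxy_header(sample))
```

Running it over the first bytes captured on the upstream side shows whether the proxy sent the text v1 form or the binary v2 form that the backend's parser expects.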