ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect
Thomas Glanzmann
thomas at glanzmann.de
Thu Dec 15 16:22:00 UTC 2016
Hello,
> How can someone debug ngx_stream_ssl_preread_module?
put the following line in the stream section:
error_log /var/log/nginx/sni_error.log debug;
Once done I found out that
2016/12/15 17:09:00 [error] 21043#0: *7426 recv() failed (104: Connection reset by peer) while proxying connection, client: 17.198.249.166, server: 88.198.249.254:443, upstream: "88.198.249.254:4443", bytes from/to client:0/0, bytes from/to upstream:0/316
And in my syslog I found out:
daemon:Dec 15 17:09:00 infra ocserv[21622]: worker: worker-proxyproto.c:156: proxy-hdr: invalid v2 header
daemon:Dec 15 17:09:00 infra ocserv[21622]: worker: worker-vpn.c:560: could not parse proxy protocol header; discarding connection
daemon:Dec 15 17:09:00 infra ocserv[18385]: main: 88.198.249.254:55976 user disconnected (reason: unspecified, rx: 0, tx: 0)
So it seems that the problem is that ocserv can't parse nginx proxy protocol
header. I'll dig deeper and report back once a solution is found.
Cheers,
Thomas
More information about the nginx
mailing list