Transmission remote GUI proxy_protocol broken header

adrhc nginx-forum at forum.nginx.org
Thu Sep 22 09:54:35 UTC 2016


Hi, here's some clarifications:

What is the thing writing to nginx? (stunnel, I think)
stunnel according to the setup:
Transmission remote GUI:443 -> sshttp:443 -> stunnel:1443 ->
nginx:127.0.0.1:443 (no ssl, with listen ... proxy_protocol,
port_in_redirect on)

How is it configured?
[tls]
accept = 192.168.1.31:1443
connect = 127.0.0.1:1081
protocol = proxy
[ssh]
sni = tls:tti.go.ro
connect = 127.0.0.1:22
renegotiation = no
debug = 5
cert = /home/adr/apps/etc/nginx/certs/adrhc.go.ro-server-pub.pem
key = /home/adr/apps/etc/nginx/certs/adrhc.go.ro-server-priv-no-pwd.pem
[tls to any http]
sni = tls:*
# using nginx proxy_protocol (is http though using 443!):
connect = 127.0.0.1:443
protocol = proxy

What version of proxy_protocol is stunnel writing?
it's the one from nginx 1.11.3 ...

Is "transmission" something other than a https client? - it's this:
transmission-daemon, 2.84-3ubuntu3, amd64, lightweight BitTorrent client
(daemon)
with this configuration in nginx:
# http://127.0.0.1:9091/transmission/web/
location /transmission/ {
	proxy_pass				http://127.0.0.1:9091/transmission/;
	proxy_redirect			http://127.0.0.1:9091/	/;
	proxy_cookie_domain		127.0.0.1:9091			adrhc.go.ro;
	proxy_set_header		Host					127.0.0.1:9091;
	proxy_set_header		X-Real-IP				$remote_addr;
	proxy_set_header		X-Forwarded-For			$proxy_add_x_forwarded_for;
	client_max_body_size	10M;
	proxy_connect_timeout	120;
	proxy_read_timeout		300;
}

If it is trying to speak something other than http wrapped in tls,
it is unlikely that nginx will be able to process the requests.
I gues it tries not because it's working fine with
https://adrhc.go.ro/transmission/ but when stunnel is not involved e.g.:
Transmission remote GUI:443 -> sshttp:443 -> nginx:127.0.0.1:1443 (with ssl,
without listen ... proxy_protocol, port_in_redirect off)

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269662,269744#msg-269744



More information about the nginx mailing list