proxy_protocol send incorrect header
Rozhuk Ivan
rozhuk.im at gmail.com
Mon Oct 30 12:05:53 UTC 2023
Hi!
I got incorrect proxy header:
PROXY TCP4 172.16.0.208 unix:/var/run/nginx_443_test.sock 9795 0\r\nSSH-2.0-OpenSSH_9.3\r\n
Expect:
PROXY TCP4 172.16.0.208 172.16.0.254 9795 443\r\nSSH-2.0-OpenSSH_9.3\r\n
My config:
172.16.0.208 - initiator and tcp server on 4443 port.
172.16.0.254 - nginx host
initiator:
ssh root at 172.16.0.254 -p 443
tcp server on 4443: any app that can accept tcp and print received data.
nginx config:
========================================
# Set default for TLS and non TLS connections.
map $ssl_preread_protocol $upstream_proto_val {
"" unix:/var/run/nginx_443_test.sock;
default unix:/var/run/nginx_443_http.sock;
}
# ALPN map table.
map $ssl_preread_alpn_protocols $upstream_alpn_val {
default $upstream_proto_val;
"xmpp-client" unix:/var/run/nginx_443_xmpp.sock;
"xmpps-client" unix:/var/run/nginx_443_xmpp.sock;
"stun.turn" unix:/var/run/nginx_443_stun.sock;
"stun.nat-discovery" unix:/var/run/nginx_443_stun.sock;
}
# ALPN router.
server {
listen *:443 rcvbuf=1m sndbuf=1m so_keepalive=30m::10;
listen [::]:443 rcvbuf=1m sndbuf=1m so_keepalive=30m::10 ipv6only=on;
ssl_preread on;
#proxy_protocol $proxy_protocol_val;
proxy_protocol on;
proxy_pass $upstream_alpn_val;
}
server {
listen unix:/var/run/nginx_443_test.sock proxy_protocol rcvbuf=1m sndbuf=1m;
set_real_ip_from unix:;
proxy_protocol on;
proxy_pass 172.16.0.208:4443;
}
# Strip proxy protocol for xmpp.
server {
listen unix:/var/run/nginx_443_xmpp.sock proxy_protocol rcvbuf=1m sndbuf=1m;
proxy_protocol off;
proxy_pass 127.0.0.1:5223;
}
========================================
PS: it will be very nice if this "proxy_protocol $proxy_protocol_val;" will work. It does not accept vars, only static values from config.
More information about the nginx
mailing list