Https and nginx as forward proxy

Server NGINX
1

Hi,

I was experimenting using nginx as forward proxy with the conf as
attached.

Regular http requests were passed fine. But any https were rejected
right away. Firewall was disabled on the proxy server.

Here was the trace with curl, where the proxy runs on 192.168.4.217:81

-------------------------------------8<-----------------------------------------
$ curl -v -x 192.168.4.217:81 https://jersey.dev.java.net/

  • About to connect() to proxy 192.168.4.217 port 81 (#0)
  • Trying 192.168.4.217… connected
  • Connected to 192.168.4.217 (192.168.4.217) port 81 (#0)
  • Establish HTTP proxy tunnel to jersey.dev.java.net:443

CONNECT jersey.dev.java.net:443 HTTP/1.0
Host: jersey.dev.java.net:443
User-Agent: curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3 OpenSSL/0.9.8k zlib/1.2.3 libssh2/0.15-CVS
Proxy-Connection: Keep-Alive

<
< 400 Bad Request
<
<

400 Bad Request


<
nginx/0.8.20
<
<

  • Proxy CONNECT aborted
  • Closing connection #0
    curl: (56) Proxy CONNECT aborted
    -------------------------------------8<-----------------------------------------

Here is the conf file. The prebuilt Nginx 0.8.20 runs on Windows 2003.
-------------------------------------8<-----------------------------------------
worker_processes 1;

events {
worker_connections 1024;
}

http {
include mime.types;
sendfile on;

resolver 208.67.220.220;

server {
    listen       81;
    location / {
          proxy_pass $scheme://$http_host$request_uri;
    }

}

}
-------------------------------------8<-----------------------------------------

I suspect Nginx has not been designed to be used as a forward proxy. If
nginx won’t foot the bill, can anyone recommend a free solution please?

Any help is appreciated.

Bing

2

On Tue, Oct 20, 2009 at 12:51:02PM +0800, 冉兵 wrote:

  • About to connect() to proxy 192.168.4.217 port 81 (#0)
    <
    <

    400 Bad Request


    <
    nginx/0.8.20
    <
    <
  • Proxy CONNECT aborted
  • Closing connection #0
    curl: (56) Proxy CONNECT aborted
    -------------------------------------8<-----------------------------------------

CONNECT differs from other HTTP methods.

include       mime.types;
}

}
-------------------------------------8<-----------------------------------------

I suspect Nginx has not been designed to be used as a forward proxy. If nginx won’t foot the bill, can anyone recommend a free solution please?

Yes, nginx has not been disigned as a forward proxy. You should try
squid
which was a forward proxy from the very start.

3

Thanks Igor. I have successfully set up Apache web server as a forward
proxy.

From: “Igor S.” [email protected]
Sent: Tuesday, October 20, 2009 2:12 PM
To: [email protected]
Subject: Re: https and nginx as forward proxy

4

HI Igor:

Is there any schedule to support the feathure, forward proxy ?

thanks
NextHop

5

On Tue, Oct 20, 2009 at 10:33:43PM +0800, quan nexthop wrote:

HI Igor:

Is there any schedule to support the feathure, forward proxy ?

Not in near future: there is alreay good forward proxy Squid.