-
Notifications
You must be signed in to change notification settings - Fork 503
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is it possible to relay the request to another proxy? #210
Comments
Here is a solution: Use nginx
|
I am also trying to connect: [Client] -> [Nginx forward proxy + Cache] -> [Proxy Server]. |
Sad to find this thread over 2 years later and no updates :-( |
The Stream module is a good way to resolve this issue (see #210 (comment)). This module is designed only for the HTTP CONNECT tunnel method and is not a complete solution for many complex scenarios. From my experience discussing with users on GitHub, many try to find a complete solution for their specific scenario. While I provide solutions when possible, some requests are beyond this module's capability. For example #210 (comment), caching content in requests goes against the module's design philosophy. It is intended to be a traffic proxy, not to unpack and manipulate traffic, as this would make the implementation complex and unstable. It would also require more work technically and in terms of user experience (e.g., only specific types of content packets could be unpacked). |
But I still welcome everyone to discuss. If certain features do not go against the original design, they can be incorporated into this module. From user's scenarios, I have discovered many interesting use cases that I hadn't initially considered, even though they sometimes exceed the capabilities of this module. |
For example we have a client
C
, an HTTPS siteS
, and two nginx proxy serversA
andB
:C
sends HTTPS request to proxy serverA
.A
proxies the request through another proxy serverB
.B
proxies the request to the real site serverS
.I expect the network topo should be like this:
So I configured like the following:
Proxy
A
(192.168.130.7 a.proxy.example.com):Proxy
B
(192.168.130.1 b.proxy.example.com):Then test on client
C
like this:But the request failed:
While, directly call server through proxy
B
is OK:It seems like the actually network flow is like this:
It seems that, proxy
A
received CONNECT request fromC
, but only established connection toB
. And the following HTTPS client HELLO request sent byC
toA
were simply forwarded toB
. However,B
expected a plain HTTP request, so it couldn't recognize the binary HELLO request, and responded a plain HTTP 400 error response toA
. AndA
simply forwarded the response toC
.C
treated it as an HTTPS server HELLO response and tried to parse the TLS negotiation information from the packet. Obviously it ended up with a failure.On the other hand, commenting out the
proxy_connect_address
line is also not the desired solution. As it seems to causeA
to try to establish TCP connection withS
by itself, and then forward the following packets toS
directly. If DNS resolver is not configured,A
will be unable to resolve the address ofS
. And thus unable to establish the connection, which lead to a 502 error.The question is, is there any way for
A
to simply forward the CONNECT request toB
and leave the connection-establishing job to the later, and to forward the following packets toB
and letB
forward them toS
?The text was updated successfully, but these errors were encountered: