ngx_http_proxy_connect_module
ngx_http_proxy_connect_module copied to clipboard
chobits
502 Errors with patch 1018
Ⅰ. Issue Description
Intermittent 502 errors when using openresty 1.17.8.2 with 1018.path.
Ⅱ. Describe what happened
root@a86d47344729:/openresty-1.17.8.2# curl -x localhost:3128 https://www.example.com
curl: (56) Received HTTP code 502 from proxy after CONNECT
Ⅲ. Describe what you expected to happen
I expected the requests to be proxied through localhost:3128.
Ⅳ. How to reproduce it (as minimally and precisely as possible)
Dockerfile:
from ubuntu:20.04
run apt-get update
run apt-get install -y curl
run apt-get install -y wget
run apt-get install -y libpcre3-dev
run apt-get install -y zlib1g-dev
run apt-get install -y build-essential
run apt-get install -y curl
run wget https://openresty.org/download/openresty-1.17.8.2.tar.gz
run tar -zxvf openresty-1.17.8.2.tar.gz
run curl -L https://github.com/chobits/ngx_http_proxy_connect_module/archive/master.tar.gz | tar xz
workdir /openresty-1.17.8.2
run apt-get install -y libssl-dev
run ./configure --add-module=../ngx_http_proxy_connect_module-master
run patch -d build/nginx-1.17.8/ -p 1 < ../ngx_http_proxy_connect_module-master/patch/proxy_connect_rewrite_1018.patch
run make && make install
copy ./nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
cmd bash -c "/usr/local/openresty/nginx/sbin/nginx && bash"
nginx.conf:
error_log ./error.log;
http {
server {
listen 3128;
# dns resolver used by forward proxying
resolver 8.8.8.8;
# forward proxy for CONNECT request
proxy_connect;
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
# forward proxy for non-CONNECT request
location / {
proxy_pass http://$host;
proxy_set_header Host $host;
}
}
}
events {}
Ⅴ. Anything else we need to know?
nginx error.log:
2020/11/14 19:41:47 [crit] 10#0: *213 connect() to [2606:2800:220:1:248:1893:25c8:1946]:443 failed (99: Cannot assign requested address) while connecting to upstream, client: 127.0.0.1, server: , request: "CONNECT www.example.com:443 HTTP/1.1", host: "www.example.com:443"
2020/11/14 19:41:47 [error] 10#0: *213 proxy_connect: connection error while connecting to upstream, client: 127.0.0.1, server: , request: "CONNECT www.example.com:443 HTTP/1.1", host: "www.example.com:443"
Ⅵ. Environment:
- nginx version: openresty/1.17.8.2
- patch: 1018.patch
hi ,it means the module doesn't work , i guess u can only proxy http request .
This step wrong: "copy ./nginx.conf /usr/local/openresty/nginx/conf/nginx.conf"
u should copy the "objs/nginx" to "/usr/sbin/nginx" or add dynamic module "ngx_http_proxy_connect_module-master" copy the so file
Enabling debugging while building nginx pointed to a probable root cause being host addresses being IPv6. If your target host resolution includes IPv6 addresses then you will get 502s when the IPv6 address is attempted. Adding "ipv6=off" to your resolver line should be a functioning workaround until it is fixed in code.
Change this: resolver 8.8.8.8; To This: resolver 8.8.8.8 ipv6=off;
@scott-hiemstra Thanks for pointing out the workaround. I think I'm experiencing a similar issue (which vanishes when using ipv6=off) and I wonder if that's really a problem of this module. I can't see why a IPv6 address isn't usable with proxy_connect_address :thinking:
I see similar issue. Disabling ipv6 fixed it. But I noticed that resolver reports a list of IPs and proxy_connect tries only one IP from the list reported.
Is it possible to configure the proxy_connect to try all IPs reported by resolver - if some of the connection attempts failed - till one IP that succeeded is found?
