ngx_http_proxy_connect_module icon indicating copy to clipboard operation
ngx_http_proxy_connect_module copied to clipboard

Published 20 hours ago verified publisher icon chobits

Received HTTP code 400 from proxy after CONNECT

Open Hightmar opened this issue 2 years ago • 1 comments

After applying the patch, compiling the module and loading the module into Nginx I get this error.

I compiled and added the module this way (I applied the patch correctly)

./configure --with-compat --add-dynamic-module=/root/ngx_http_proxy_connect_module make modules sudo mkdir /etc/nginx/modules sudo cp objs/*.so /etc/nginx/modules/ sudo cp objs/ ngx_http_proxy_connect_module.so /usr/share/nginx/modules/ sudo chmod 644 /usr/share/nginx/modules/ ngx_http_proxy_connect_module.so sudo chmod 644 /etc/nginx/modules/*.so

Nginx loads the module well

Describe what happened

root@raspberrypi:~# curl https://github.com/ -v -x 127.0.0.1:5000
*   Trying 127.0.0.1:5000...
* Connected to 127.0.0.1 (127.0.0.1) port 5000 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to github.com:443
> CONNECT github.com:443 HTTP/1.1
> Host: github.com:443
> User-Agent: curl/7.74.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Date: Thu, 16 Jun 2022 19:18:37 GMT
< Content-Type: text/html
< Content-Length: 150
< Connection: close
< Server: MyServer
<
* Received HTTP code 400 from proxy after CONNECT
* CONNECT phase completed!
* Closing connection 0
curl: (56) Received HTTP code 400 from proxy after CONNECT

Environment:

nginx 1.18.0 proxy_connect_rewrite_1018.patch

server {
     listen  5000;
     listen [::]:5000;
     # dns resolver used by forward proxying
     resolver  1.1.1.1;

     proxy_connect;
     proxy_connect_allow            443;
     proxy_connect_connect_timeout  10s;
     proxy_connect_read_timeout     10s;
     proxy_connect_send_timeout     10s;

     # forward proxy for non-CONNECT request
     location / {
        proxy_pass http://$http_host$uri$is_args$args;
       proxy_set_header Host $host;

     }
}

Hightmar avatar Jun 16 '22 19:06 Hightmar

Your original nginx binary file should be replaced by new nginx binary compiled with 1018 patch.

If your nginx binary compiled without 1018 patch, it will not handle CONNECT request.

nginx binary (patch source) tries to parse CONNECT request, the module( proxy connect module.so) tries to proxy data flow.

chobits avatar Jul 14 '22 02:07 chobits

I give a complete solution to 400 bad request issue, you can check it on :https://github.com/chobits/ngx_http_proxy_connect_module/issues/136#issuecomment-1264290051

chobits avatar Oct 01 '22 08:10 chobits