ngx_stream_socks_module
ngx_stream_socks_module copied to clipboard
oowl
second user defined by `socks_user_passwd` cannot be used if len(first_user_password) != len(second_user_password)
Having a config like
stream {
resolver 8.8.8.8 ipv6=off;
log_format socks 'socks: $socks_connect_addr $socks_name $socks_protocol [$time_local] $remote_addr';
server {
listen 0.0.0.0:1080 ssl;
...
socks;
socks_user_passwd maria aaa;
socks_user_passwd ilya bbbb;
access_log /var/log/nginx/socks_access.log socks;
}
}
Second user gets an error with this curl command:
$ curl -is --proxy https://ilya:bbbb@localhost:1080 https://ifconfig.me
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Test Basic Auth"
On the other hand, if the second password is bbb, not bbbb in the config, everything work fine:
$ curl -is --proxy https://ilya:bbb@localhost:1080 https://ifconfig.me
HTTP/1.0 200 Connection established
HTTP/2 200
access-control-allow-origin: *
content-type: text/plain; charset=utf-8
content-length: 13
date: Tue, 14 Mar 2023 16:44:50 GMT
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=2592000; includeSubDomains
server: istio-envoy
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
...
How to reproduce:
- ubuntu 22.04.1
- the config:
$ sudo nginx -V
nginx version: nginx/1.23.3
built by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04)
built with OpenSSL 3.0.2 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --add-module=/home/sa/nginx_build/ngx_stream_socks_module --with-stream_realip_module --with-stream_ssl_module --with-cc-opt='-g -O2 -ffile-prefix-map=/home/sa/nginx_build/nginx-1.23.3=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
The nginx is built from the ubuntu repo here https://nginx.org/en/linux_packages.html with
# get sources
$ apt-get source nginx
# add github.com/attenuation/ngx_stream_socks_module to configure
$ sed -i 's+--with-stream +--with-stream --add-module=/home/sa/nginx_build/ngx_stream_socks_module +g' debian/rules
# build it
$ debian/rules build
The ngx_stream_socks_module commit is used:
$ git log -1
commit acf31be0a046edf42518958b7a322e5367734761 (HEAD -> main, tag: 0.1.0, tag: 0.1, origin/main, origin/HEAD)
Author: Jun Ouyang <[email protected]>
Date: Mon Jan 9 22:43:41 2023 +0800
update readme
@muravjov Thanks for your issues, I will check these issues and try to resolve them later.
