Nginx proxy server returns HTTP 400 after CONNECT

#nginx #proxy

Question:

I am trying to build an HTTPS proxy on the nginx engine. And when I test it on different sites I always get two HTTP codes: 302 (a redirect to the https scheme) and 400 after CONNECT.

proxy server configuration

server {
    error_log /var/log/nginx/nginx.err;
    access_log /var/log/nginx/nginx.acc;
    resolver 127.0.0.53;
    listen 80; #default_server;
    listen 443 ssl default_server;

    server_name proxy;

    ssl_certificate         /etc/letsencrypt/live/proxy/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/proxy/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/proxy/chain.pem;

    proxy_ssl_certificate /etc/letsencrypt/live/proxy/fullchain.pem;
    proxy_ssl_certificate_key /etc/letsencrypt/live/proxy/privkey.pem;
    proxy_ssl_trusted_certificate /etc/letsencrypt/live/proxy/chain.pem;

    large_client_header_buffers 1 128k;

    proxy_ssl_verify        on;
    proxy_ssl_session_reuse off;

    ssl_verify_client off;
    ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;


    location / {
        proxy_http_version 1.1;
        proxy_set_header        Connection          "";
        proxy_set_header        HOST                $host;
        proxy_set_header        X-Forwarded-Proto   $scheme;
        proxy_set_header        X-Real-IP           $remote_addr;
        proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header        Access-Control-Allow-Origin *;
        proxy_buffering                 on;
        proxy_buffers     8 16k;
        proxy_buffer_size 16k;
        proxy_pass                          http://$host$request_uri;
        proxy_read_timeout                  1800;
    }
}


curl -x localhost:80 goo.gl -I -L output (goo.gl is just an example; I have this problem with every site)

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 Sep 2021 12:32:42 GMT
Content-Type: application/binary
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Location: https://goo.gl/
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

HTTP/1.1 400 Bad Request
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 Sep 2021 12:32:42 GMT
Content-Type: text/html
Content-Length: 166
Connection: close


the same curl output with -v

*   Trying ::1:80...
* TCP_NODELAY set
* connect to ::1 port 80 failed: Connection refused
*   Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#0)
> HEAD http://goo.gl/ HTTP/1.1
> Host: goo.gl
> User-Agent: curl/7.68.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Server: nginx/1.18.0 (Ubuntu)
Server: nginx/1.18.0 (Ubuntu)
< Date: Fri, 10 Sep 2021 12:34:02 GMT
Date: Fri, 10 Sep 2021 12:34:02 GMT
< Content-Type: application/binary
Content-Type: application/binary
< Content-Length: 0
Content-Length: 0
< Connection: keep-alive
Connection: keep-alive
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Location: https://goo.gl/
Location: https://goo.gl/
< X-XSS-Protection: 0
X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff

< 
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'https://goo.gl/'
* Hostname localhost was found in DNS cache
*   Trying ::1:80...
* TCP_NODELAY set
* connect to ::1 port 80 failed: Connection refused
*   Trying 127.0.0.1:80...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 80 (#1)
* allocate connect buffer!
* Establish HTTP proxy tunnel to goo.gl:443
> CONNECT goo.gl:443 HTTP/1.1
> Host: goo.gl:443
> User-Agent: curl/7.68.0
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
< Server: nginx/1.18.0 (Ubuntu)
Server: nginx/1.18.0 (Ubuntu)
< Date: Fri, 10 Sep 2021 12:34:02 GMT
Date: Fri, 10 Sep 2021 12:34:02 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 166
Content-Length: 166
< Connection: close
Connection: close
< 

* Received HTTP code 400 from proxy after CONNECT
* CONNECT phase completed!
* Closing connection 1
curl: (56) Received HTTP code 400 from proxy after CONNECT


If I run curl without the proxy, the output contains messages about successful TLS handshakes.
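As an added helper (not part of the original question), the following Python script reads a curl -v transcript like the one above and pairs each request curl sent with the status code the proxy answered, so it is explicit that the 301 came back from plain HTTP forwarding (HEAD with an absolute URL) while the 400 is the proxy's reply to the CONNECT request curl issues for https, before any TLS handshake. The embedded transcript is abbreviated from the one in the question.

```python
import re
from typing import List, Optional, Tuple

# Abbreviated copy of the curl -v transcript from the question:
# ">" marks lines curl sent, "<" marks lines the proxy returned.
TRANSCRIPT = """\
> HEAD http://goo.gl/ HTTP/1.1
> Host: goo.gl
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 301 Moved Permanently
< Location: https://goo.gl/
<
* Establish HTTP proxy tunnel to goo.gl:443
> CONNECT goo.gl:443 HTTP/1.1
> Host: goo.gl:443
>
< HTTP/1.1 400 Bad Request
< Connection: close
<
* Received HTTP code 400 from proxy after CONNECT
"""

# Request line sent to the proxy, e.g. "> CONNECT goo.gl:443 HTTP/1.1"
REQUEST_LINE = re.compile(r"^> ([A-Z]+) (\S+) HTTP/\d\.\d$")
# Status line received from the proxy, e.g. "< HTTP/1.1 400 Bad Request"
STATUS_LINE = re.compile(r"^< HTTP/\d\.\d (\d{3})")


def parse_curl_verbose(text: str) -> List[Tuple[str, str, int]]:
    """Return (method, target, status) for every request/response pair in the transcript."""
    exchanges: List[Tuple[str, str, int]] = []
    pending: Optional[Tuple[str, str]] = None
    for line in text.splitlines():
        req = REQUEST_LINE.match(line)
        if req:
            pending = (req.group(1), req.group(2))
            continue
        resp = STATUS_LINE.match(line)
        if resp and pending:
            exchanges.append((pending[0], pending[1], int(resp.group(1))))
            pending = None
    return exchanges


def diagnose(exchanges: List[Tuple[str, str, int]]) -> str:
    """Say at which stage the proxied HTTPS request failed."""
    for method, target, status in exchanges:
        # A CONNECT tunnel is only open after a 2xx reply; anything else is a proxy refusal.
        if method == "CONNECT" and not 200 <= status < 300:
            return f"proxy refused CONNECT to {target} with {status}; no TLS tunnel was established"
    if any(m == "CONNECT" for m, _, _ in exchanges):
        return "CONNECT tunnel established; any later failure is inside TLS or at the origin"
    return "no CONNECT seen: only plain-HTTP forwarding was exercised"
```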