Score:0

Nginx L4 Proxy Works with HTTPS but not with HTTP


I have the following configuration as L4 proxy over Nginx and everything works fine.

stream {
    # Route by the SNI name read from the TLS ClientHello
    map $ssl_preread_server_name $name {
        hostnames;
        .ipchicken.com          $ssl_preread_server_name;
        .bbc.com                $ssl_preread_server_name;
        .bbc.co.uk              $ssl_preread_server_name;
        .bbci.co.uk             $ssl_preread_server_name;
        .neverssl.com           $ssl_preread_server_name;  #<-------
    }

    server {
        resolver 8.8.8.8;
        listen 443;
        ssl_preread on;
        proxy_connect_timeout 5s;
        proxy_pass $name:$server_port;
    }
}

But when an HTTP site is requested, like "http://neverssl.com/", Nginx does not respond. Any ideas about this issue?

Ivan Shatsky:
`http://` scheme uses TCP port 80, while your server block is listening on port 443.
Zareh Kasparian:
@IvanShatsky Dear Ivan, thanks for your reply. To be honest, I want both HTTP and HTTPS to be routed through my proxy. Last time you helped me correct my configuration for HTTPS. I would be thankful if you could guide me on how to have both configured in the same configuration file.
Zareh Kasparian:
@IvanShatsky I think there should be something configured in ssl_preread_server_name.
Score:1

As far as I know, the ssl_preread directive works only with the HTTPS protocol. I don't know how to get the HTTP Host header value in the ngx_stream_core_module. You can try to use an additional server block in the http context, as shown here:

http {
    ...
    map $http_host $proxy {
        hostnames;
        .neverssl.com    $http_host;
        ...
    }

    server {
        listen 80;
        resolver 8.8.8.8;
        location / {
            if ($proxy = '') { return 403; } # Return HTTP 403 Forbidden for unlisted domains
            proxy_set_header Host $proxy;
            proxy_redirect off;
            proxy_connect_timeout 5s;
            proxy_pass http://$proxy;
        }
    }
}

stream {
    ... # stream configuration for HTTPS port 443 here
}

There is no need to use the $server_port variable in the stream server block; you are listening on port 443 only, so you can just use proxy_pass $name:443;
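
Why the two contexts need different variables, as an added Python example (not part of the original answer and not nginx code): ssl_preread takes the name from the SNI extension of the TLS ClientHello, which a plaintext request on port 80 never sends, so only the Host header is available there. The ClientHello and HTTP request are constructed samples, and the function names and the ALLOWED tuple are hypothetical.

```python
import struct

ALLOWED = (".neverssl.com", ".bbc.com")  # hypothetical subset of the question's map

def build_client_hello(server_name):
    """Constructed minimal ClientHello with one SNI extension (sample input)."""
    host = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type 0 = host_name
    ext = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"    # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def sni_from_first_bytes(data):
    """What an SNI preread can learn: the server name, or None without a ClientHello."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:     # not a TLS handshake record
            return None
        pos = 5 + 4 + 2 + 32                       # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]                       # session_id
        pos += 2 + int.from_bytes(data[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + data[pos]                       # compression_methods
        end = pos + 2 + int.from_bytes(data[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4])
            if ext_type == 0:                      # server_name extension
                n = int.from_bytes(data[pos + 7:pos + 9], "big")
                return data[pos + 9:pos + 9 + n].decode("ascii")
            pos += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                       # truncated or malformed input
    return None

def host_from_http(data):
    """What the http{} block uses instead: the Host header of a plaintext request."""
    for line in data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == b"host":
            return value.strip().decode("ascii")
    return None

def allowed(name):
    """Mimic `hostnames` matching: '.example.com' covers example.com and subdomains."""
    return name is not None and any(name == s[1:] or name.endswith(s) for s in ALLOWED)

TLS_SAMPLE = build_client_hello("www.bbc.com")                   # constructed
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: neverssl.com\r\n\r\n"    # constructed
```

Running sni_from_first_bytes on HTTP_SAMPLE returns None, which is the empty $name the question's stream block would see for plaintext traffic.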
