Score:0

"Received HTTP code 400 from proxy after CONNECT", trying to put mitmproxy behind nginx

cn flag

I have a mitmproxy running on port 2011. I can use it by itself, with curl -x http://127.0.0.1:2011 google.com. However, I now want to put it behind nginx under the domain name proxy.history.test. However, doing curl -x http://proxy.history.test:80 google.com -L -v fails with

* Received HTTP code 400 from proxy after CONNECT
* CONNECT phase completed!
* Closing connection 1
curl: (56) Received HTTP code 400 from proxy after CONNECT

My nginx.conf:

worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /dev/null;

daemon off;

events {
    worker_connections  1024;
}


http {

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    map $http_host $service_port {
        hostnames;
        default '';


        proxy.history.* 2011;
        }

    proxy_temp_path ./tmp;
    access_log /dev/null;
    ssl_certificate ./cert.pem;
    ssl_certificate_key ./key.pem;
    #proxy_set_header Host localhost;
    client_body_temp_path ./tmp;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    client_max_body_size 50m;


    server {
            listen       127.0.0.1:443 ssl;
    
            server_name  *.test;
    
            location / {

                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_set_header X-NginX-Proxy true;
                
                proxy_pass http://127.0.0.1:$service_port;

            }
        }



        server {
                    listen       127.0.0.1:80;
                    
                    server_name  *.test;
                    

                    return 302 https://$http_host$request_uri;

                }

    

        
}

(I have to specify :80 in the curl command, because otherwise, it will try to connect to port 1080, for some reason).

Score:0
jp flag

nginx is a reverse proxy and not a forward proxy and doesn't support HTTP CONNECT method. You'll need to find a third-party nginx module to support CONNECT.

cn flag
Does `nginx` have to be recompiled for that module, or can it be loaded in dynamically (like DKMS)?
Marcel avatar
gb flag
Nginx can work as a transparent forwarding proxy with the TCP/UDP Stream module. But only for one specific destination, not dynamically forwarded. For that the proxy_connect module from the previous comment is needed.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.