Score:0

Server

ssh local port forwarding not working when url is redirecting to https

yogihosting

10/27/23, 12:38 PM

I have a windows 10 home with Linux kali running inside it with vmware virtual machine software.

There is a local website that opens on url https://example.com in linux and has self signed certificate. I have added it's ip entry on etc/hosts file so that it opens on example.com.

The /etc/hosts file entry on linux:

192.168.49.2    example.com

This local website redirects to https url when opened on browser i.e. http://example.com =>>> https://example.com.

The website is hosted on kubernetes with the ingress code given below:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: first-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
  - hosts:
      - example.com
    secretName: myssl
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: first-service
            port:
              number: 8080

(I don't think ingress code is needed in the question but for the sake I gave it.)

The problem is that I cannot do ssh local port fowarding to it from my windows. The ssh script is:

ssh -L 9090:example.com:80 [email protected]

I get 404 Not Found nginx error.

I also tried with 443 port with the following command:

ssh -L 9090:example.com:443 [email protected]

In this case the error is:

400 Bad Request The plain HTTP request was sent to HTTPS port nginx

I also get error saying "The certificate chain was issued by an authority that is not trusted." when opening url - "https://localhost:9090/".

If I remove the redirection then the ssh local port redirection works fine and i am able to open the website on my windows browser with localhost:9090 url. This problem happens only when their is redirection.

How can I solve this problem?

1085

1 + 0

linux

ssl

ssh

https

redirect

Score:0

Server

Tilman Schmidt

10/28/23, 11:08 AM

In the first case, when your browser receives the redirect to https://example.com it tries to make a new connection to host example.com on port 443, the default https port. So if you wanted this to work you'd need to add a second port forwarding clause for https (eg. 443:example.com:443) to your ssh command line in addition to the existing one for http (9090:example.com:80).

Also, depending on your nginx configuration (which you didn't share), nginx may serve that site only for requests to hostname example.com, not localhost. So you may either have to add localhost as an alias name for the site in the nginx configuration, or add example.com with an IPv4 address of 127.0.0.1 to your Windows hosts file and use that in your browser.

In the second case, when you enter the URL http://localhost:9090 (or just localhost:9090) into your browser you instruct it to make an http (non-TLS) connection to port 9090, but you are forwarding that port to the https port 443 of the nginx server. So your browser ends up trying to talk http to the port on which nginx wants to talk https. If you want this scenario to work then you have to tell your browser to talk https instead of http, ie. enter the URL https://localhost:9090 instead of http://localhost:9090.

Note that, as in the first scenario, nginx may (depending on the configuration) only answer to the hostname example.com, and answer 404 Not found if addressed as localhost. The fix is the same as described above for the first case.

+ 5

yogihosting

10/28/23, 11:22 AM

I tried with 443 port also but i get error 400 Bad Request The plain HTTP request was sent to HTTPS port nginx.

Tilman Schmidt

10/28/23, 1:13 PM

Answer updated to match your updated question.

yogihosting

10/28/23, 3:53 PM

I tried your solution but could not get the solution. Here what I trid. I opened 2 command prompts. In the first I ssh - `ssh -L 9090:example.com:80 [email protected]` and in the second i ssh - `ssh -L 443:example.com:443 [email protected]`. Then i tried opening the url on windows chrome browser - `http://localhost:9090/` which gave "404 Not Found". `http://localhost:443/` gave "400 Bad Request". `https://localhost:9090/` gave "This site can’t provide a secure connection". `https://localhost:443/` gave "404 Not Found". Am I doing something wrong?

yogihosting

10/28/23, 3:57 PM

You have also said to add entry for 127.0.0.1 pointing to example.com on windows host file. I have question about this which is why we need this thing since I have done this on my Linux machine where the website is hosting. Also when I remove redirection from the site which opens only port 80 and not 443 so in that case the ssh command `ssh -L 9090:example.com:80 [email protected]` works perfectly and I can open the website with the url `http://localhost:9090` on my windows chrome browser. All this thing done without any entry of 127.0.0.1 pointing to example.com on windows host. Thank you.

yogihosting

10/28/23, 4:00 PM

Regarding nginx configuration. The website is hosted on kubernetes. The ingress code is now updated on the question. Thank you.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: ssh local port forwarding not working when url is redirecting to https

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.