I'm running a local http server and local squid instance. A local http client opens a socket connecting to the squid instance, which seems to work. I then try to tunnel to the local http server by issuing the following http request:
CONNECT localhost:80 HTTP/1.1\r\n
which yields the response headers
Content-Language en
Content-Length 3612
Content-Type text/html;charset=utf-8
Date Thu, 21 Jun 2018 17:28:10 GMT
Mime-Version 1.0
Server squid/3.5.27
Vary Accept-Language
X-Squid-Error ERR_DNS_FAIL 0
with status 503.
I also tried connecting to 127.0.0.1, which yields this response:
Content-Language en
Content-Length 3433
Content-Type text/html;charset=utf-8
Date Thu, 21 Jun 2018 17:35:16 GMT
Mime-Version 1.0
Server squid/3.5.27
Vary Accept-Language
X-Squid-Error ERR_CONNECT_FAIL 111
My squid.conf looks like this:
http_port 3128
coredump_dir /var/spool/squid
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
acl any_host src all
acl all_dst dst all
http_access allow any_host
http_access allow all_dst
Is there a different way to tell squid to connect to localhost?
I found that what was failing what the localhost resolving to [::1] and not 127.0.0.1.
In order to bypass the /etc/hosts/ simply add the following to /etc/squid/hosts:
127.0.0.1 localhost
Then hosts_file /etc/squid/hosts in your squid.conf.
Of course the file can be put anywhere you would like.
Somehow squid tried to resolve localhost to 127.0.0.1, which ended up in a connection failure. Specifying [::1] instead of localhost, however, performs as expected.
In my case I was using the squid machine hostname (e.g. mysquid.proxy) and the problem was not related to the DNS resolutions because the squid machine could resolve itself correctly using its hostname.
The problem was rather caused by the configuration of an additional port in the same proxy. I was using squid as both forward proxy and reverse proxy with two different ports:
3128 - forward proxy
443 - reverse proxy
The client was connecting to the (forward) proxy mysquid.proxy:3128 and the request was something like:
CONNECT mysquid.proxy:443 HTTP/1.1
So the the reverse proxy port was used at the end.
However on that port it was configured a url_rewrite_program (a Perl script) to filter and change some path of specific url and such script was wrongly redirecting the request to a non-existant url which caused the error "503 Service Unavailable" in the client.
Related
my home have static IP but have with port 80,443 Block, I use port fowarding in router 8069 > odoo server port 443 > rever proxy 8069
SSL is ok, I'm using certbot over DNS, everytime I need to access odoo is,
hit https://erp.example.com:8069
Return [ERROR 503] https://erp.example.com/web
which nginx remove the port automatically,
hit https://erp.example.com:8069/web/login
Return [Success] https://erp.example.com:8069/web/login
when put full address port_number/ it does the work
is there any solution let nginx not to redirect what I input at address bar? I need keep the custom port
this isn't what I need, Nginx trying redirect to what I entered 8069 to 443 port, which 443 port has block by ISP
Recently i setup a server & using haproxy. Everything else runs smoothly but port 80 is not connecting. Here is the haproxy config file. Esp gives problem when certbot tries to renew. What am I missing here?
frontend backend.sample.com
bind *:80
# Test URI to see if its a letsencrypt request
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
bind 64.123.456.124:6684 ssl crt /etc/haproxy/certs/backend.sample.com.pem
default_backend webapps
backend webapps
balance roundrobin
server app01 64.123.456.124:5684
backend letsencrypt-backend
server letsencrypt 127.0.0.1:54321 ```
I have two web applications running on a server inside two separate docker containers, one of them is running on play framework server (java), while other is running on nginx (php). I am doing ssl termination in http mode at haproxy for the play app. I want to handle the ssl termination for other app at nginx.
Is it possible to configure haproxy in such a way, so that one front-end forwards the request in tcp mode, and another in http mode. Below is how my haproxy.cfg would look like.
frontend http-in
mode http
bind *:80
redirect scheme https code 301 if !{ ssl_fc }
frontend https-in
# bind *:80
bind *:443 ssl crt /etc/ssl/certs/my_certificate_file.pem
reqadd X-Forwarded-Proto:\ https
# redirect scheme https code 301 if !{ ssl_fc }
mode http
option httpclose
option forwardfor
# Define hosts based on domain names
acl host_test_ssh hdr(host) -i playapp.domain.com
## figure out backend to use based on domainname
use_backend testssh if host_test_ssh
frontend http-in-other
bind *:80
mode tcp
option tcplog
redirect scheme https if !{ ssl_fc }
frontend https-in-estore
bind *:443
mode tcp
option tcplog
# Define hosts based on domain names
acl host_test_ssh hdr(host) -i nginxapp.domain2.com
## figure out backend to use based on domainname
use_backend other if host_test_ssh
I have not tried this but based on the documentation of 1.5 it should work. http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-mode
I have a computer at home running Ubuntu 10.10. I am trying to make a server and host my own website, and I am running a LAMP (Linux, Apache, MySql, PHP) server. But my IPS blocks incoming traffic on port 80. To get around this, I want my server to take HTTP requests from port 8080, in addition to port 80. But after I tried to add port 8080 to the accepted ports file, my browser cannot access it. It says "The server at mywebsite.com is taking too long to respond.". Does anyone know why it is timing out and not returning the webpage, or how I can fix this? Here is what I've done so far:
The port.conf file contains:
NameVirtualHost *:80
Listen 80
Listen 8080
The apache2.conf file contains:
# Include the virtual host configurations:
Include sites-enabled/
NameVirtualHost *:80
NameVirtualHost *:8080
The sites-available/default file contains:
<VirtualHost *:80 *:8080>
ServerAdmin webmaster#localhost
Lastly I restarted apache:
$: /etc/init.d/apache2 restart
All this, as far as I can tell, should add port 8080 to for HTTP requests. When I type in "localhost" or "localhost:8080" into the web browser, it returns my website. If I type in "mysite.com" or "mysite.com:80", the site also works. But my website does not work when I search for "mysite.com:8080"; rather it times out. The reason "mysite.com:80" works is because I am accessing the site from within my local network, so I don not need to go through the modem, which would block port 80. Does anyone know why this is not working?
FIX: I'm dumb and forgot to add port 8080 on the list of acceptable ports on my Ubuntu firewall.
Have you had a look at the requests with wireshark or something like that? localhost will be going through the loopback device, and I'm guessing that when you request mysite.com the request is going out over a real network device. Check whether the request is getting back in again from your network - port 8080 might be blocked somewhere else.
I'm new to Squid, and am investigating whether it would be able to accomplish a task at hand.
I need to "transpose" port 80 of a static IP to the port 1088 on a dynamic IP that has a hostname pointer though no-ip.com. In other words:
somedomain.com has an A record 1.2.3.4
someotherdomain.com a dynamic A record (updated via no-ip.com)
the static IP 1.2.3.4 is served by a proxy (such as Squid?) at port 80 which, when accessed (http://www.somedomain.com), relays the request to someotherdomain.com:1088 and displays it as if it came from 1.2.3.4 (somedomain.com).
somedomain.com cannot be used as a general proxy to access other locations than someotherdomain.com; in fact, the relay in the back-end should be transparent to the user accessing somedomain.com
Thanks for any insights on this!
Ville
What you are looking for is a reverse proxy and yes, Squid can do that.
http_port 1.2.3.4:80 accel defaultsite=www.somedomain.com
cache_peer someotherdomain.com parent 1088 0 no-query originserver
Apache can as well with mod_proxy:
<VirtualHost 1.2.3.4:80>
ServerName www.somedomain.com
DocumentRoot c:/docroot
ProxyPass / http://someotherdomain.com:1088/
ProxyPassReverse / http://someotherdomain.com:1088/
</VirtualHost>