0

I have a very simple setup. Three containers in docker that I want to communicate between, nothing else. Attacker (kali with nginx), reverse-proxy (alpine with nginx), and victim (alpine). I'd like to, inside victim, curl reverse-proxy and get attacker's website. So far I can get attacker's website directly by curl http://172.17.0.2:5555 and reverse-proxy's by curl http://172.17.0.3/ . But when I do curl http://172.17.0.3/merlin I get:

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

For reverse-proxy (172.17.0.3) my /etc/nginx/conf.d/default.conf :

server {
    listen       80;
    listen  [::]:80;
    server_name  proxy;

#access_log  /var/log/nginx/host.access.log  main;

location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
}

location /merlin {
    proxy_pass http://172.17.0.2:5555;
}
#error_page  404              /404.html;

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root   /usr/share/nginx/html;
}



}

For attacker (172.17.0.2) my /etc/nginx/conf.d/default.conf :

server {
    listen       5555;
    listen  [::]:5555;
    server_name  localhost;

#access_log  /var/log/nginx/host.access.log  main;

location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
}


#error_page  404              /404.html;

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root   /usr/share/nginx/html;
}




}

Grant Collins on youtube has managed something similar, but I just can't get it to work.

Wolfff
  • 11
  • http://172.17.0.3/merlin is passed to http://172.17.0.2:5555/merlin which is presumably why you get the 404 response. – Richard Smith May 10 '22 at 08:14
  • It is?? I'm sorry I don't see that, should I write proxy_pass differently or is it something in attacker default.conf? – Wolfff May 10 '22 at 09:09
  • See this Q&A – Richard Smith May 10 '22 at 09:45
  • I get it now, thank you! I need to add a rewrite if I want it to go to http://172.17.0.2:5555. I did it like this rewrite ^/merlin?$ / break; but that didn't work, though I'm sure it's just me not understanding how to write rewrites yet. Thanks again! – Wolfff May 10 '22 at 09:56
  • Actually all it took was adding a / in location like this: location /merlin { proxy_pass http://172.17.0.2:5555/; } Since that slash will "delete" the first part of uri(?) so it just becomes http://172.17.0.2/ – Wolfff May 10 '22 at 10:04

1 Answers1

1

As Richard noticed http://172.17.0.3/merlin is passed to http://172.17.0.2:5555/merlin which didn't exist, hence the 404. What I needed to do was to use a rewrite to change that. In my case changing proxy_pass http://172.17.0.2:5555; to proxy_pass http://172.17.0.2:5555/; sufficed. (answer as to why - here).

Wolfff
  • 11