
Currently I have a setup where dnsmasq is used as a DNS server, which resolves a DNS lookup to my own server's IP address, where sniproxy is listening on ports 80 and 443. The configuration of sniproxy is:

    listen 80 {
        proto http
        table proxy_sni
        access_log {
            filename /var/log/sniproxy/http_access.log
            priority notice
        }
    }
    listen 443 {
        proto tls
        table proxy_sni
        access_log {
            filename /var/log/sniproxy/https_access.log
            priority notice
        }
    }
    table proxy_sni {
        .* *
    }
    resolver {
        mode ipv4_only
    }

And I use ProxyChains to run sniproxy, effectively forwarding any requests received by sniproxy on port 80 or 442 to the proxies set up in the ProxyChains configuration.

    proxychains sniproxy -c /etc/sniproxy.conf -f

And the configuration of proxychains is

    dynamic_chain
    chain_len=1
    tcp_read_time_out 32000
    tcp_connect_time_out 11000
    [ProxyList]
    http   192.168.67.78   1080  username password
    socks5 192.168.67.67   1234  username password

And the following iptables rules are added

    iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner $(whoami) -j RETURN
    iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j REDIRECT

Which successfully works as intended.

I wanted to replicate the same setup using either HAProxy or NGINX, wanting to eliminate using both sniproxy and proxychains, but could not get it working.

Nginx config

    stream {
        upstream backend_d {
            # Round-robin load balancing
            server 11.21.4.216:12323;
            server 18.21.4.151:12323;
        }
        server {
            listen 80;
            proxy_protocol on;
            proxy_pass backend_d;
            proxy_ssl_server_name on;
            #proxy_set_header Authorization "Basic ZG5eRZG5z0sDmRuc2sRucw==";
            #proxy_pass_header Authorization;
        }

        server {
            listen 443;
            proxy_protocol on;
            ##proxy_pass $name;
            ssl_preread on;
            proxy_pass backend_d;
            proxy_ssl_server_name on;
            ##proxy_set_header Authorization "Basic ZG5eRZG5z0sDmRuc2sRucw==";
            ##proxy_pass_header Authorization;
        }
    }

Is it possible to achieve the same functionality using just dnsmasq and nginx? Basically, a reverse proxy (nginx) which forwards requests to another proxy (a SOCKS/HTTP proxy that requires basic authentication), without needing to terminate SSL on nginx. Any help regarding this would be greatly appreciated. Thanks.

loxtic
  • Do you have one domain that you want to forward to one proxy, or do you have multiple domains, and do you want to forward those to one proxy or multiple proxies? – Turdie Dec 21 '23 at 18:48
  • @Turdie Not a single domain, a huge list of domains. For practical purposes, assume every request is forwarded to a proxy, from a pool of proxies. (round-robin style). And the proxies which the request is forwarded to, require user:pass credentials. – loxtic Dec 21 '23 at 19:26
  • If it's regardless of which domain will hit, just an invalid name would be a way to generate a default block, and then using reverse proxy to forward the request to a destination, imho – djdomi Dec 21 '23 at 20:30
  • @djdomi Would appreciate, if you can elaborate further, or give any template for the config. Thanks. – loxtic Dec 22 '23 at 03:48
  • Does this answer your question? Nginx reverse proxy + URL rewrite – djdomi Dec 22 '23 at 05:28

0 Answers