chobits/ngx_http_proxy_connect_module

Resultant binary doesn't seem to have any ssl functionality included when building nginx from source to include this module.

svantiniho41 opened this issue · 1 comments

Ⅰ. Issue Description

I built it as per the instructions mentioned in the readme, with the exception that I'm using nginx 1.25.2 instead of 1.9:

$ wget http://nginx.org/download/nginx-1.25.2.tar.gz
$ tar -xzvf nginx-1.25.2.tar.gz
$ cd nginx-1.25.2/
$ patch -p1 < /path/to/ngx_http_proxy_connect_module/patch/proxy_connect.patch
$ ./configure --add-module=/path/to/ngx_http_proxy_connect_module
$ make && make install

When using the below nginx.conf the server is unable to start due to missing ssl plugins:


http {

  server {
    listen                          3128 ssl;

    ssl_certificate                 /etc/ssl/certs/cert.crt;
    ssl_certificate_key             /etc/ssl/certs/cert.key;
    ssl_session_cache               shared:SSL:1m;

    access_log                      /dev/stdout;
    error_log                       /var/log/nginx/svr_error.log  notice;

    resolver                        8.8.8.8;

    proxy_connect;
    proxy_connect_allow             443 563;
    proxy_connect_connect_timeout   10s;
    proxy_connect_read_timeout      10s;
    proxy_connect_send_timeout      10s;

    location / {
      proxy_http_version 1.1;
      proxy_set_header Host $host;
      proxy_pass http://$host;
    }

    location /state {
      return 200 "ready";
    }
  }
}

Ⅱ. Describe what happened

This is the output when trying to validate nginx.conf using the newly created binary:

nginx -tv

nginx version: nginx/1.25.2
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /etc/nginx/nginx.conf:14
nginx: configuration file /etc/nginx/nginx.conf test failed
initializing proxy server...
nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /etc/nginx/nginx.conf:14

I did some extra research and then tried to compile it with the SSL modules described; however, I was unsuccessful, as shown below.


The nginx binary made from the ./configure shown below causes the server to give this error on all https and proxy forwarding requests:

# Error: tunneling socket could not be established, statusCode=400 (e.g. in postman but all clients, curl, chrome etc get similar errors)

# Some relevant nginx proxy server logs in json format
{"time":"2024-07-27T03:19:24+00:00","req_ip":"172.17.0.1","req_usr":"","request":"CONNECT github.com:443 HTTP/1.1","status": "400","req_length": "165","body_bytes_sent":"255","request_time":"0.000","http_referer":"","http_user_agent":"PostmanRuntime/7.29.2","forwarded":""},
{"time":"2024-07-27T03:19:30+00:00","req_ip":"172.17.0.1","req_usr":"","request":"CONNECT github.com:443 HTTP/1.1","status": "400","req_length": "165","body_bytes_sent":"255","request_time":"0.000","http_referer":"","http_user_agent":"PostmanRuntime/7.29.2","forwarded":""},



./configure \
--add-module=./ngx_http_proxy_connect_module-master \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--sbin-path=/usr/sbin/nginx \
--with-threads \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-compat \
--with-pcre \
--with-pcre-jit \
--with-select_module \
--with-poll_module \
--with-zlib=./zlib-1.2.13 \
--with-openssl=./openssl-1.1.1s \
--with-openssl-opt=no-nextprotoneg \
--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC'

Ⅲ. Describe what you expected to happen

Please advise as to how to compile nginx from source with both this proxy module as well as any missing ssl modules included.
Please provide a method that can be used without resulting in us getting any of the errors related to tunneling socket failures or incorrect nginx config, or, if the ./configure described above is not correct, please advise on how it can be corrected.

I have seen that there are quite a few ways to do it and wasn't sure which one is the most recommended.

Ⅳ. How to reproduce it (as minimally and precisely as possible)

Perform the steps mentioned on your readme to build nginx (but use 1.25.x) and run the resulting nginx binary that's generated using the nginx.conf snippet mentioned above.

Ⅵ. Environment:

Dockerized Ubuntu 22.04

Many thanks

I've seen similar; I had to include some http options in my configure command:

./configure --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --with-threads \
  --with-debug \
  --add-module=./ngx_http_proxy_connect_module \
  --add-module=./echo-nginx-module \
  && make \
  && make install

Seen this here
https://www.alibabacloud.com/blog/how-to-use-nginx-as-an-https-forward-proxy-server_595799

HTH,
Mark.
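
A build check for the two things the nginx.conf in this issue depends on, as an added example (not code from the issue, the comment, or the module's project): it reads the `configure arguments:` line that `nginx -V` prints and reports whether `--with-http_ssl_module` and the proxy_connect module were compiled in. The function name and the two sample outputs are constructed here from the configure commands quoted above; the check covers build flags only and says nothing about the cause of the 400 responses.

```shell
#!/bin/sh
# Added example: verify what an nginx binary was built with before loading
# a config that uses `listen ... ssl` and the proxy_connect* directives.

# missing_build_features TEXT
#   TEXT is the full output of `nginx -V`.
#   Prints one line per missing feature; returns 0 only if none are missing.
missing_build_features() {
    _missing=0
    # `nginx -V` reports the build flags on a single "configure arguments:" line.
    _args=$(printf '%s\n' "$1" | sed -n 's/^configure arguments: *//p')

    # `listen ... ssl` and ssl_certificate* require the HTTP SSL module.
    case " $_args " in
        *" --with-http_ssl_module "*) ;;
        *) echo "missing: --with-http_ssl_module"; _missing=1 ;;
    esac

    # proxy_connect* directives require the module added at configure time,
    # statically (--add-module) or dynamically (--add-dynamic-module).
    if ! printf '%s\n' "$_args" |
        grep -Eq -- '--add(-dynamic)?-module=[^ ]*ngx_http_proxy_connect_module'
    then
        echo "missing: ngx_http_proxy_connect_module"; _missing=1
    fi
    return "$_missing"
}

# Constructed sample: output shape for the first (readme-style) build in the issue.
SAMPLE_README_BUILD='nginx version: nginx/1.25.2
configure arguments: --add-module=/path/to/ngx_http_proxy_connect_module'

# Constructed sample: a build that also passes --with-http_ssl_module.
SAMPLE_SSL_BUILD='nginx version: nginx/1.25.2
built with OpenSSL 1.1.1s
configure arguments: --add-module=./ngx_http_proxy_connect_module-master --with-http_ssl_module --with-threads'

# Against a real binary: `nginx -V` writes to stderr, so redirect it.
if [ "${1:-}" = "--live" ]; then
    missing_build_features "$(nginx -V 2>&1)"
fi
```

Running the script with `--live` checks the `nginx` found on `PATH`; a non-zero exit status means at least one required feature is absent from the build.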