[HELP NEEDED] Using nginx stream to proxy traffic and caddy as the backend. The connection cannot be established, but the reverse-proxy website works.
aaqq0pp opened this issue · 1 comments
Caddyfile:
...
{
    auto_https off
    http_port 23999
    https_port 24000
    order forward_proxy before reverse_proxy
    servers {
        log_credentials
        listener_wrappers {
            proxy_protocol {
                timeout 10s
                allow 0.0.0.0/0
            }
            tls
        }
    }
}
http://naive.a.mydomain.com {
    redir https://naive.a.mydomain.com{uri}
}
12000:, naive.a.mydomain.com
tls /my/cert/path/fullchain.pem /my/key/path/privkey.pem
import LOG
forward_proxy {
    basic_auth test test
    hide_ip
    hide_via
    probe_resistance
}
reverse_proxy https://www.baidu.com {
    header_up Host {http.reverse_proxy.upstream.hostport}
}
The systemd log:
access via naive.a.mydomain.com:443
Aug 24 20:08:50 my-ubuntu caddy[17357]: {"level":"info","ts":1724501330.8256168,"logger":"http.log.access","msg":"NOP","request":{"remote_ip":"127.0.0.1","remote_port":"59524","client_ip":"127.0.0.1","proto":"HTTP/1.1","method":"CONNECT","host":"m.hotmail.com:443","uri":"m.hotmail.com:443","headers":{"Proxy-Authorization":["Basic dGVzdDp0ZXN0"],"User-Agent":["curl/7.54.0"],"Padding":["@[]]>]$+!!!!!!!!~~~~~~~~~~~~~"],"Proxy-Connection":["Keep-Alive"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"","server_name":"naive.a.mydomian.com"}},"bytes_read":0,"user_id":"","duration":0.000005319,"size":0,"status":0,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":24000\"; ma=2592000"]}}
Aug 24 20:09:14 my-ubuntu caddy[17357]: {"level":"info","ts":1724501354.1932955,"logger":"http.log.access","msg":"NOP","request":{"remote_ip":"127.0.0.1","remote_port":"39108","client_ip":"127.0.0.1","proto":"HTTP/1.1","method":"CONNECT","host":"zh.wikibooks.org:443","uri":"zh.wikibooks.org:443","headers":{"Padding":["!+}<}]+{!!!!!!!!~~~~~~~~~~~~~~~"],"Proxy-Connection":["Keep-Alive"],"Proxy-Authorization":["Basic dGVzdDp0ZXN0"],"User-Agent":["curl/7.54.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"naive.a.mydomian.com"}},"bytes_read":0,"user_id":"","duration":0.000004809,"size":0,"status":0,"resp_headers":{"Alt-Svc":["h3=\":24000\"; ma=2592000"],"Server":["Caddy"]}}
Aug 24 20:09:14 my-ubuntu caddy[17357]: {"level":"info","ts":1724501354.1936927,"logger":"http.log.access","msg":"NOP","request":{"remote_ip":"127.0.0.1","remote_port":"39112","client_ip":"127.0.0.1","proto":"HTTP/1.1","method":"CONNECT","host":"login.microsoftonline.com:443","uri":"login.microsoftonline.com:443","headers":{"Padding":[">+^![$(}!!!!!!!!~~~~~~"],"Proxy-Connection":["Keep-Alive"],"Proxy-Authorization":["Basic dGVzdDp0ZXN0"],"User-Agent":["curl/7.54.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"naive.a.mydomian.com"}},"bytes_read":0,"user_id":"","duration":0.000001613,"size":0,"status":0,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":24000\"; ma=2592000"]}}
Aug 24 20:09:14 my-ubuntu caddy[17357]: {"level":"info","ts":1724501354.1939662,"logger":"http.log.access","msg":"NOP","request":{"remote_ip":"127.0.0.1","remote_port":"39118","client_ip":"127.0.0.1","proto":"HTTP/1.1","method":"CONNECT","host":"www.google.com:443","uri":"www.google.com:443","headers":{"User-Agent":["curl/7.54.0"],"Padding":["!}>$@^)[!!!!!!!!~~~~~"],"Proxy-Connection":["Keep-Alive"],"Proxy-Authorization":["Basic dGVzdDp0ZXN0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"naive.a.mydomian.com"}},"bytes_read":0,"user_id":"","duration":0.000001443,"size":0,"status":0,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":24000\"; ma=2592000"]}}
Aug 24 20:09:16 my-ubuntu caddy[17357]: {"level":"info","ts":1724501356.3339758,"logger":"http.log.access","msg":"NOP","request":{"remote_ip":"127.0.0.1","remote_port":"48306","client_ip":"127.0.0.1","proto":"HTTP/1.1","method":"CONNECT","host":"www.google.com:443","uri":"www.google.com:443","headers":{"Padding":["?$)$}{$$!!!!!!!!~~~~~~~~~"],"Proxy-Connection":["Keep-Alive"],"Proxy-Authorization":["Basic dGVzdDp0ZXN0"],"User-Agent":["curl/7.54.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"naive.a.mydomian.com"}},"bytes_read":0,"user_id":"","duration":0.000004539,"size":0,"status":0,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":24000\"; ma=2592000"]}}
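An added example, not part of the original issue or of either project: a small Python filter that masks credential headers in Caddy access-log lines before they are shared (the posted lines carry `Proxy-Authorization` because `log_credentials` is set) and summarizes the fields relevant to this problem. The sample line, host names and function names are constructed for illustration; `tls.proto` is read as the negotiated ALPN value.

```python
import json

SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
TLS_VERSIONS = {769: "TLS 1.0", 770: "TLS 1.1", 771: "TLS 1.2", 772: "TLS 1.3"}

# Constructed sample shaped like the journald lines in the issue (not copied from it).
SAMPLE = (
    'Aug 24 20:09:14 host caddy[1234]: {"level":"info","ts":1724501354.19,'
    '"logger":"http.log.access","msg":"NOP","request":{"remote_ip":"127.0.0.1",'
    '"proto":"HTTP/1.1","method":"CONNECT","host":"example.org:443",'
    '"uri":"example.org:443","headers":{"Proxy-Authorization":["Basic dXNlcjpwYXNz"],'
    '"User-Agent":["curl/7.54.0"]},"tls":{"resumed":false,"version":772,'
    '"cipher_suite":4865,"proto":"","server_name":"proxy.example.org"}},'
    '"bytes_read":0,"duration":0.000004,"size":0,"status":0}'
)

def split_line(line):
    """Separate the syslog prefix from the JSON object Caddy wrote."""
    start = line.index("{")
    return line[:start], json.loads(line[start:])

def redact(entry):
    """Mask credential-bearing header values in place; return the number masked."""
    masked = 0
    for headers in (entry.get("request", {}).get("headers", {}),
                    entry.get("resp_headers", {})):
        for name in headers:
            if name.lower() in SENSITIVE:
                headers[name] = ["REDACTED"]
                masked += 1
    return masked

def summarize(entry):
    """Pull out the fields that show how the request reached Caddy."""
    req = entry.get("request", {})
    tls = req.get("tls", {})
    return {
        "handler_msg": entry.get("msg"),
        "method": req.get("method"),
        "http_proto": req.get("proto"),
        "alpn": tls.get("proto") or "(none negotiated)",
        "tls_version": TLS_VERSIONS.get(tls.get("version"), "unknown"),
        "target": req.get("host"),
        "status": entry.get("status"),
    }

def sanitize_line(line):
    """Return (shareable log line, summary dict, number of masked headers)."""
    prefix, entry = split_line(line)
    masked = redact(entry)
    return prefix + json.dumps(entry, separators=(",", ":")), summarize(entry), masked

if __name__ == "__main__":
    clean, summary, masked = sanitize_line(SAMPLE)
    print(clean, summary, f"masked={masked}", sep="\n")
```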
naiveproxy uses the CONNECT HTTP method, but I don't think nginx supports it.
> naiveproxy uses the CONNECT HTTP method, but I don't think nginx supports it.

Thank you for the reply. I would try if this module https://github.com/chobits/ngx_http_proxy_connect_module?tab=readme-ov-file works and post updates here.

> > naiveproxy uses the CONNECT HTTP method, but I don't think nginx supports it.
>
> Thank you for the reply. I would try if this module https://github.com/chobits/ngx_http_proxy_connect_module?tab=readme-ov-file works and post updates here.

Ok.
But, maybe this could be another issue.
Known issues.
In HTTP/2, the CONNECT method is not supported. It only supports the CONNECT method request in HTTP/1.x and HTTPS.
If you face issues, can you try with https instead of http2 method? As far as I know, shadowrocket on iOS and some other naiveproxy clients including yass support pure http1 connect method.