
Currently I have a setup where dnsmasq is used as a DNS server, which resolves a DNS lookup to my own server's IP address, where sniproxy is listening on ports 80 and 443. The configuration of sniproxy is:

    listen 80 {
        proto http
        table proxy_sni
        access_log {
            filename /var/log/sniproxy/http_access.log
            priority notice
        }
    }
    listen 443 {
        proto tls
        table proxy_sni
        access_log {
            filename /var/log/sniproxy/https_access.log
            priority notice
        }
    }
    table proxy_sni {
        .* *
    }
    resolver {
        mode ipv4_only
    }

And I use ProxyChains to run sniproxy, effectively forwarding any requests received by sniproxy on port 80 or 442 to the proxies set up in the proxychains configuration.

    proxychains sniproxy -c /etc/sniproxy.conf -f

And the configuration of proxychains is:

    dynamic_chain
    chain_len=1
    tcp_read_time_out 32000
    tcp_connect_time_out 11000
    [ProxyList]
    http   192.168.67.78   1080  username password
    socks5 192.168.67.67   1234  username password

And the following iptables rules are added:

    iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner $(whoami) -j RETURN
    iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 -j REDIRECT

This successfully works as intended.

I wanted to replicate the same setup using either HAProxy or NGINX, to eliminate using both sniproxy and proxychains, but could not get it working.

Nginx config

    stream {
        upstream backend_d {
            # Round-robin load balancing
            server 11.21.4.216:12323;
            server 18.21.4.151:12323;
        }
        server {
            listen 80;
            proxy_protocol on;
            proxy_pass backend_d;
            proxy_ssl_server_name on;
            #proxy_set_header Authorization "Basic ZG5eRZG5z0sDmRuc2sRucw==";
            #proxy_pass_header Authorization;
        }

        server {
            listen 443;
            proxy_protocol on;
            ##proxy_pass $name;
            ssl_preread on;
            proxy_pass backend_d;
            proxy_ssl_server_name on;
            ##proxy_set_header Authorization "Basic ZG5eRZG5z0sDmRuc2sRucw==";
            ##proxy_pass_header Authorization;
        }
    }

Is it possible to achieve the same functionality using just dnsmasq and nginx? Basically, a reverse proxy (nginx) which forwards requests to another proxy (a SOCKS/HTTP proxy that requires basic authentication), without needing to terminate SSL on nginx. Any help regarding this would be greatly appreciated. Thanks

loxtic

0 Answers