NGINX Reverse Proxy for RD Gateway stops working

Posted by jriker1 
NGINX Reverse Proxy for RD Gateway stops working
September 24, 2020 11:24AM
Never like when you set something up and it's working and then suddenly stops working. Only changes are traditional Windows updates on my servers.

My setup. I have two servers that need access to port 443 from the internet so I have set up NGINX in front of it to act as a reverse proxy. I also have Windows Server 2016 Essentials using the Remote Web Access or RD Gateway. I can still access the Essentials website. I can still access my other server that is part of the process. All certs are still valid. When I try to connect to any of my internal computers with RD Gateway it says it can't connect. I do get as far as it popping up my credential ask and entering them and that works but then it chokes. To be honest it worked 8 months ago and since being home because of the pandemic couldn't use it. Now at a remote location and finding it doesn't work. I went to my house and restarted the Essentials server but didn't do anything.

NGINX is running on my Ubiquiti EdgeRouter Lite and apparently is still running. I am using upstream for my 443 connections. Below is what I have set up in the conf file:

######--------------BEGIN of the script
server {
    listen 80;
    server_name remote.masked.net;
    # redirect http to https
    return 301 https://$server_name$request_uri;
    client_max_body_size 0;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://192.168.0.1;
    }
}

server {
    listen 80;
    server_name smart.masked.net;
    # redirect http to https
    return 301 https://$server_name$request_uri;
    client_max_body_size 0;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://192.168.0.50;
    }
}

upstream essentials {
    server 192.168.0.1:443;
    keepalive 32;
}

upstream assistant {
    server 192.168.0.50:8123;
    keepalive 32;
}

server {
    listen 443 ssl http2;
    server_name remote.*;

    ssl_certificate /config/user-data/ssl_chain_essentials.pem;
    ssl_certificate_key /config/user-data/ssl_chain_key_essentials.pem;

    client_max_body_size 0;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass https://essentials;
    }
}

server {
    listen 443 ssl http2;
    server_name smart.*;

    ssl_certificate /config/user-data/ssl_chain_smart.pem;
    ssl_certificate_key /config/user-data/ssl_chain_key_smart.pem;

    client_max_body_size 0;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass https://assistant;
    }
}

#######-----------------end of script----------------------------

Note I tweaked a few settings above for security so hopefully it all still makes sense.

Thoughts? Note I'm remote right now so can't physically check the NGINX logs so hoping someone knows what would have caused this like an http_version requirement change or something.

Thanks.

JR



Edited 1 time(s). Last edit at 09/24/2020 11:30AM by jriker1.
Re: NGINX Reverse Proxy for RD Gateway stops working
September 24, 2020 05:29PM
By the way, this is the chain of event logs that come thru after I click to launch the rdp file from a client connected to the RD Gateway website:

These are informational:
RDP ClientActiveX is trying to connect to the server (MEDIACENTER)
Component name:CClientProxyTransport, :: 'Gateway servers list - Server(MEDIACENTER) is 1 of 1 ' in CProxyRawTrans::SetPortAndTs at 2249 err=[0x0]
Component name:CClientProxyTransport, :: 'CClientHTTPProxyTransport::GetTransportType() transportType=1' in CClientHTTPProxyTransport::Connect at 1066 err=[0x0]

These are errors:
Component name:CAAClientAdapter, :: 'm_spHelper->ReadCreds failed' in CAAClientAdapter::CreateTunnel at 380 err=[0xffffffff], Error code:0xFFFFFFFF
Component name:CClientProxyTransport, :: 'm_ClientAdapter->CreateTunnel failed' in CProxyRawTrans::CreateProxyConnection at 2132 err=[0x800759d9], Error code:0x800759D9
Component name:CClientProxyTransport, :: 'Gateway connection time out is 90' in CClientHTTPProxyTransport::Connect at 1098 err=[0x800759d9], Error code:0x800759D9
Component name:CClientProxyTransport, :: 'CreateConnection failed' in CClientHTTPProxyTransport::Connect at 1107 err=[0x800759d9], Error code:0x800759D9
Component name:CClientProxyTransport, :: 'Gateway Error' in CClientProxyTransport::SetErrorStatus at 2853 err=[0x800759d9], Error code:0x800759D9

These are informational:
Disconnect trace:CClientProxyTransport "Disconnect trace:'Gateway connection disconnected.' in CClientHTTPProxyTransport::OnDisconnected at 687 err=[0x1a]", Error code:0x1A
Component name:CClientProxyTransport, :: 'Terminating Gateway's channel. CurrentState=1' in CProxyRawTrans::Terminate at 1755 err=[0x0]
The multi-transport connection has been disconnected.
RDP ClientActiveX has been disconnected (Reason= 50331674)
Component name:CClientProxyTransport, :: 'Gateway servers list - Server(MEDIACENTER) is 1 of 1 ' in CProxyRawTrans::SetPortAndTs at 2249 err=[0x0]
Component name:CClientProxyTransport, :: 'CClientHTTPProxyTransport::GetTransportType() transportType=1' in CClientHTTPProxyTransport::Connect at 1066 err=[0x0]


These are errors:
Component name:CAAClientAdapter, :: 'm_spHelper->ReadCreds failed' in CAAClientAdapter::CreateTunnel at 380 err=[0xffffffff], Error code:0xFFFFFFFF
Component name:CAAHttpClientTunnel, :: 'Workspace ID was obtained, but it is not formatted as a GUID ()' in CAAHttpClientTunnel::ObtainWorkspaceId at 3887 err=[0x0], Error code:0x0
Component name:CAAHttpClientRawTransport, :: 'CAAHttpClientRawTransport::InitializeInstance' in CAAHttpClientRawTransport::InitializeInstance at 288 err=[0x0], Error code:0x0


Informational:
Component name:CClientProxyTransport, :: 'Gateway connection time out is 90' in CClientHTTPProxyTransport::Connect at 1098 err=[0x0]


Errors:
Component name:CheckInternetConnectionTask, :: 'Internet-connection is alive. Server checked: http://www.microsoft.com' in CheckInternetConnectionTask::ExecuteTask at 3693 err=[0x0], Error code:0x0
Component name:CheckInternetConnectionTask, :: 'Connection-to-server is alive. Server checked: https://remote.masked.net' in CheckInternetConnectionTask::ExecuteTask at 3707 err=[0x0], Error code:0x0


Warning:
RDPClient_Gateway: An error was encountered when transitioning from AAStateCreatingOutChannel to AAStateError in response to AAEventOutChannelSendRequestFailed (error code 0x800706BA).


Error:
Component name:CAAHttpClientTunnel, :: 'connect failed' in CAAHttpClientTunnel::OnConnected at 1149 err=[0x800706ba], Error code:0x800706BA


Warning:
RDPClient_Gateway: An error was encountered when transitioning from AAStateInitializingTunnel to AAStateError in response to AAEventTunnelOnConnectedFailed (error code 0x800706BA).


Informational:
Disconnect trace:CProxyRawTrans "Disconnect trace:'OnTunnelCreated' in CProxyRawTrans::OnTunnelCreated at 685 err=[0x800706ba]", Error code:0x800706BA


Errors:
Component name:CClientProxyTransport, :: 'Gateway Error' in CClientProxyTransport::SetErrorStatus at 2853 err=[0x800706ba], Error code:0x800706BA


Informational:
Disconnect trace:CProxyRawTrans "Disconnect trace:'Disconnect Transport' in CProxyRawTrans::OnCloseConnection at 1940 err=[0xd]", Error code:0xD
Disconnect trace:CClientProxyTransport "Disconnect trace:'Gateway connection disconnected.' in CClientHTTPProxyTransport::OnDisconnected at 687 err=[0xd]", Error code:0xD
Component name:CClientProxyTransport, :: 'Terminating Gateway's channel. CurrentState=1' in CProxyRawTrans::Terminate at 1755 err=[0x0]



Errors:
Component name:CAAHttpClientRawTransport, :: 'Graceful=0' in CAAHttpClientRawTransport::Cleanup at 335 err=[0x0], Error code:0x0
Component name:CAAHttpClientRawTransport, :: 'Graceful=0' in CAAHttpClientRawTransport::Cleanup at 335 err=[0x0], Error code:0x0


Informational:
The multi-transport connection has been disconnected.
RDP ClientActiveX has been disconnected (Reason= 50331661)



Edited 2 time(s). Last edit at 09/24/2020 05:30PM by jriker1.
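A triage aid for a client trace like the one above, added here as an example and not part of the original posts: it pulls the distinct failing HRESULTs out of the trace in first-seen order and splits each into facility and code. The sample is six lines copied from the trace in the post; the name tables are deliberately limited to values that are certain, so an unlisted code is reported as unnamed rather than guessed.

```python
import re

# Constructed sample: six lines taken from the client trace quoted in the post.
TRACE = r"""
Component name:CClientProxyTransport, :: 'CClientHTTPProxyTransport::GetTransportType() transportType=1' in CClientHTTPProxyTransport::Connect at 1066 err=[0x0]
Component name:CAAClientAdapter, :: 'm_spHelper->ReadCreds failed' in CAAClientAdapter::CreateTunnel at 380 err=[0xffffffff], Error code:0xFFFFFFFF
Component name:CClientProxyTransport, :: 'm_ClientAdapter->CreateTunnel failed' in CProxyRawTrans::CreateProxyConnection at 2132 err=[0x800759d9], Error code:0x800759D9
Component name:CAAHttpClientTunnel, :: 'connect failed' in CAAHttpClientTunnel::OnConnected at 1149 err=[0x800706ba], Error code:0x800706BA
Disconnect trace:CProxyRawTrans "Disconnect trace:'Disconnect Transport' in CProxyRawTrans::OnCloseConnection at 1940 err=[0xd]", Error code:0xD
Component name:CClientProxyTransport, :: 'Gateway Error' in CClientProxyTransport::SetErrorStatus at 2853 err=[0x800706ba], Error code:0x800706BA
"""

# 'message' in Class::Function at <line> err=[0x...]
LINE = re.compile(
    r"'(?P<msg>.*)' in (?P<func>[\w:]+) at \d+ err=\[(?P<err>0x[0-9a-fA-F]+)\]"
)

FACILITY_WIN32 = 7
# Only Win32 codes named with certainty; extend from the Win32 error reference.
WIN32_NAMES = {1722: "RPC_S_SERVER_UNAVAILABLE"}


def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, facility and 16-bit code."""
    failed = bool(value & 0x80000000)      # severity bit set means failure
    facility = (value >> 16) & 0x1FFF      # same mask as HRESULT_FACILITY
    code = value & 0xFFFF
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return {"failed": failed, "facility": facility, "code": code, "name": name}


def failing_calls(trace):
    """Return (function, hresult, decoded) per distinct failing HRESULT, first-seen order."""
    seen, out = set(), []
    for line in trace.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        value = int(m["err"], 16)
        info = decode_hresult(value)
        # err=[0x0] and small reason codes such as 0xD have no severity bit: skip.
        if not info["failed"] or value in seen:
            continue
        seen.add(value)
        out.append((m["func"], value, info))
    return out


if __name__ == "__main__":
    for func, value, info in failing_calls(TRACE):
        label = info["name"] or "not named here"
        print(f"{func}: 0x{value:08X} facility={info['facility']} code={info['code']} ({label})")
```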