Nginx redirecting traffic to one of two proxy servers based on server_name

Posted by mark.gargan 
December 06, 2021 06:45PM
I have the following nginx configuration for redirecting traffic to one of two proxies. One is charles running locally on port 8889 and the other is an mitmproxy docker instance running on the exposed port 8080. I map the traffic to either proxy based on the server_name using the $ssl_preread_server_name map as below. When I curl through the nginx server on port 9991 with www.google.com, it correctly goes through the charles proxy; however, when I attempt to ping the kong server, https://kong:8445, it doesn't get redirected through the mitmproxy. The server name kong, oddly, gets resolved correctly to its IP, 172.17.0.4, which then attempts to redirect through charles? Can anyone see what I'm doing wrong here?

map $ssl_preread_server_name $upstream {
    hostnames;
    www.google.com charles;
    kong mitmproxy;
    172.17.0.4 mitmproxy;
    default charles;
}

#user nobody;
worker_processes 1;
#pid /usr/local/var/log/nginx.pid;

events {
    worker_connections 1024;
}

stream {

    log_format custom_log_format '$remote_addr - [$time_local] ';
    # '$request_uri $status $body_bytes_sent '
    # '"$http_referer" "$http_user_agent" "$gzip_ratio"';

    access_log /usr/local/var/log/nginx/access.log custom_log_format;
    error_log /usr/local/var/log/nginx/error.log;

    upstream mitmproxy {
        server 192.168.0.19:8080;
    }

    upstream charles {
        server 192.168.0.19:8889;
    }

    map $ssl_preread_server_name $upstream {
        hostnames;
        www.google.com charles;
        kong mitmproxy;
        172.17.0.4 mitmproxy;
        default charles;
    }

    server {
        listen 9991;
        listen [::]:9991;
        ssl_preread on;
        proxy_pass $upstream;
    }
}

Re: Nginx redirecting traffic to one of two proxy servers based on server_name
December 07, 2021 05:52AM
Just an update on this: regardless of the mappings, all the traffic appears to go through whatever's specified as the default, i.e. in the case below, the charles route.

map $ssl_preread_server_name $name {
    hostnames;
    www.google.com charles;
    kong mitmproxy;
    172.17.0.4 mitmproxy;
    default charles;
}

I updated the log_format to print out what nginx thinks is the ssl_preread_server_name:

log_format log_stream '$remote_addr [$time_local] $protocol [$ssl_preread_server_name] [$ssl_preread_alpn_protocols] [$name] '
                      '$status $bytes_sent $bytes_received $session_time';

and it just prints out hyphens for both the ssl_preread_server_name & ssl_preread_alpn_protocols.

Anyone any idea what I'm missing? There seems to be a bunch of examples of this working on the web but I just can't seem to get it to work.

Thanks,
Mark.