Linux – Setting up communication from forward proxy to reverse proxy using tinyproxy


I’m having trouble connecting a forward proxy with the reverse proxy, both supported by tinyproxy (version 1.8.3). I don’t know if it is a problem with the configuration.

I’m testing these proxies with 4 virtual machines running Debian GNU/Linux 8.9 (jessie). These machines represent a client, a forward proxy, reverse proxy and the server. I’m setting up the communication between the forward and the reverse proxy.

The server is running Apache, which returns the default HTML page saying “It works”.

The desired behavior is for the client to communicate with the server through the forward proxy that upstreams to the reverse proxy which interacts with the server:
Client (10.0.2.33) -> forward proxy (10.0.2.35) -> reverse proxy (10.0.2.36) -> server (10.0.2.34)

To test the system I use this curl command in the client machine:

curl -v --proxy http://10.0.2.35:8888 http://10.0.2.34:80/

Forward proxy configuration file:

## tinyproxy.conf -- tinyproxy daemon configuration file

User nobody
Group nogroup

Port 8888
Listen 10.0.2.35
BindSame yes
Timeout 600

DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Logfile "/var/log/tinyproxy/tinyproxy.log"
#Syslog On
LogLevel Info
PidFile "/var/run/tinyproxy/tinyproxy.pid"

#Upstream 10.0.2.36:8888 "10.0.2.0/24"
Upstream 10.0.2.36:8888

MaxClients 100
MinSpareServers 2
MaxSpareServers 5
StartServers 2
MaxRequestsPerChild 0

Allow 127.0.0.1
Allow 10.0.2.0/24

ViaProxyName "tinyproxy1"

ConnectPort 8888
ConnectPort 80

# The following two ports are used by SSL.
ConnectPort 443
ConnectPort 563

Reverse proxy configuration file:

## tinyproxy.conf -- tinyproxy daemon configuration file

User nobody
Group nogroup

Port 8888
Listen 10.0.2.36

BindSame yes
Timeout 600

StatFile "/usr/share/tinyproxy/stats.html"
Logfile "/var/log/tinyproxy/tinyproxy.log"
#Syslog On
LogLevel Info
PidFile "/var/run/tinyproxy/tinyproxy.pid"

no upstream "10.0.2.34:80"
#no upstream "."

MaxClients 5
MinSpareServers 2
MaxSpareServers 5
StartServers 2

MaxRequestsPerChild 0

Allow 127.0.0.1
Allow 10.0.2.0/24
Allow 10.0.2.35

ViaProxyName "tinyproxy2"

ConnectPort 8888
ConnectPort 80

# The following two ports are used by SSL.
ConnectPort 443
ConnectPort 563

ReversePath "/" "http://10.0.2.34:80/"
ReversePath "/wired/" "http://www.wired.com/"

ReverseOnly Yes
ReverseMagic Yes
ReverseBaseURL "http://10.0.2.34:80/"

These are the TCP flow streams captured by Wireshark:

Flow [client <-> forward proxy]

GET http://10.0.2.34:80/ HTTP/1.1
User-Agent: curl/7.38.0
Host: 10.0.2.34
Accept: */*
Proxy-Connection: Keep-Alive

HTTP/1.0 400 Bad Request
Via: 1.1 tinyproxy1 (tinyproxy/1.8.3)
Server: tinyproxy/1.8.3
Content-Type: text/html

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head><title>400 Bad Request</title></head>
<body>
<h1>Bad Request</h1>
<p>Request has an invalid URL</p>
<hr />
<p><em>Generated by tinyproxy version 1.8.3.</em></p>
</body>
</html>

Flow [forward proxy <-> reverse proxy]

GET http://10.0.2.34:80/ HTTP/1.0
Host: 10.0.2.34
Connection: close
Via: 1.1 tinyproxy1 (tinyproxy/1.8.3)
User-Agent: curl/7.38.0
Accept: */*

HTTP/1.0 400 Bad Request
Server: tinyproxy/1.8.3
Content-Type: text/html
Connection: close

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head><title>400 Bad Request</title></head>
<body>
<h1>Bad Request</h1>
<p>Request has an invalid URL</p>
<hr />
<p><em>Generated by tinyproxy version 1.8.3.</em></p>
</body>
</html>

These are the outputs for the tinyproxy log file:

Forward proxy

CONNECT   Dec 10 22:05:08 [2788]: Connect (file descriptor 6): 10.0.2.33 [10.0.2.33] at [10.0.2.35]
CONNECT   Dec 10 22:05:08 [2788]: Request (file descriptor 6): GET http://10.0.2.34:80/ HTTP/1.1
INFO      Dec 10 22:05:08 [2788]: Found upstream proxy 10.0.2.36:8888 for 10.0.2.34
CONNECT   Dec 10 22:05:08 [2788]: Established connection to upstream proxy "10.0.2.36" using file descriptor 7.
INFO      Dec 10 22:05:08 [2788]: Closed connection between local client (fd:6) and remote client (fd:7)

Reverse proxy

CONNECT   Dec 10 22:05:08 [4487]: Connect (file descriptor 6): 10.0.2.35 [10.0.2.35] at [10.0.2.36]
CONNECT   Dec 10 22:05:08 [4487]: Request (file descriptor 6): GET http://10.0.2.34:80/ HTTP/1.0
ERROR     Dec 10 22:05:08 [4487]: Bad request
INFO      Dec 10 22:05:08 [4487]: no entity

Currently, I can access the server page from within the reverse proxy machine by “curl”ing http://10.0.2.34:80/ and http://10.0.2.36:8888/ because of my reverse proxy configuration (ReversePath). The next image shows the Wireshark capture on the reverse proxy machine.

Image from reverse proxy access to server captures

With all this configuration, all I'm getting on the client machine is a 400 Bad Request error message from the reverse proxy.

Best Answer

This issue was solved. The way to test this is not by requesting the page directly from the server, but from the reverse proxy machine. Also, the forward proxy should not upstream the traffic to the reverse proxy.

The reverse proxy cannot understand the request sent to the host/server if the forward proxy upstreams the traffic, because they work differently.

The right configuration for the forward proxy has to exclude the line:

upstream 10.0.2.36:8888

Because the reverse proxy has the following rule:

ReversePath "/" "http://10.0.2.34:80/"

When requesting the server resource (the page "It works" from Apache), the reverse proxy (10.0.2.36) will request it from the server (10.0.2.34) once we request http://10.0.2.36:8888/.

We should run curl to the reverse proxy with:

curl -v --proxy http://10.0.2.35:8888 http://10.0.2.36:8888/

Then we can see that the configuration works, with the following output:

root@debian:/home/debian# curl -v --proxy http://10.0.2.35:8888 http://10.0.2.36:8888
* Rebuilt URL to: http://10.0.2.36:8888/
* Hostname was NOT found in DNS cache
*   Trying 10.0.2.35...
* Connected to 10.0.2.35 (10.0.2.35) port 8888 (#0)
> GET http://10.0.2.36:8888/ HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 10.0.2.36:8888
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK
< Via: 1.0 tinyproxy2 (tinyproxy/1.8.3), 1.1 tinyproxy1 (tinyproxy/1.8.3)
< Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
< Date: Tue, 12 Dec 2017 23:01:37 GMT
< Content-Type: text/html
< ETag: "2d-432a5e4a73a80"
< Set-Cookie: yummy_magical_cookie=/; path=/
* Server Apache/2.4.29 (Unix) is not blacklisted
< Server: Apache/2.4.29 (Unix)
< Content-Length: 45
< Accept-Ranges: bytes
< 
<html><body><h1>It works!</h1></body></html>
* Connection #0 to host 10.0.2.35 left intact
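
The difference between the rejected and the accepted request, as an added example that is not part of the original answer and is not tinyproxy's code: a simplified Python model of a ReverseOnly proxy using the ReversePath rules from the question. Longest-prefix matching and the two origin-form sample request lines are assumptions of this model.

```python
from urllib.parse import urlsplit

# ReversePath rules copied from the reverse proxy configuration on this page.
REVERSE_PATHS = [
    ("/", "http://10.0.2.34:80/"),
    ("/wired/", "http://www.wired.com/"),
]


def request_form(request_line):
    """Classify the request-target: 'absolute' (proxy form), 'origin' or 'authority'."""
    method, target, _version = request_line.split(" ", 2)
    if method.upper() == "CONNECT":
        return "authority"
    return "absolute" if urlsplit(target).scheme else "origin"


def reverse_only_route(request_line, rules=REVERSE_PATHS):
    """Model of a ReverseOnly proxy: map a path to a backend URL or answer 400.

    Returns (status, backend_url). Longest-prefix matching is a choice made
    for this model, not a statement about tinyproxy's internals.
    """
    _method, target, _version = request_line.split(" ", 2)
    matches = [(p, b) for p, b in rules if target.startswith(p)]
    if not matches:
        # An absolute URL starts with "http://", so no path rule applies.
        return 400, None
    prefix, backend = max(matches, key=lambda m: len(m[0]))
    return 200, backend + target[len(prefix):]


def explain(request_line):
    status, backend = reverse_only_route(request_line)
    return f"{request_form(request_line):9} {status} {backend or '-'}  <- {request_line}"


if __name__ == "__main__":
    for line in (
        "GET http://10.0.2.34:80/ HTTP/1.0",  # from the capture: sent via Upstream
        "GET / HTTP/1.0",                     # constructed: origin-form to 10.0.2.36
        "GET /wired/index.html HTTP/1.1",     # constructed sample
    ):
        print(explain(line))
```

Because the model never forwards an absolute URL, it also shows why `ReverseOnly Yes` keeps the reverse proxy from being usable as an open forward proxy.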