Nginx – Reach server via ssh tunnel and nginx proxy


I'm new to nginx. I've inherited a fully functional and configured Ubuntu server with nginx and would like to tune it additionally to support a somewhat weird configuration, described below.

Basic info. My Ubuntu server (let's name it runs in an internal corporate network. It hosts Gerrit and Jenkins, each of which has www-interface, listening on its own port (8081 and 8082), and nginx proxies requests to respective locations. For example requests to are proxied to
Unfortunately, I cannot show nginx config right now, since I am writing this question from home. I remember that it contains lines with proxy_pass clause.

Now, here comes that weird configuration., ports 80, 22 and 29418  <--> other Linux <--> Windows

Other Linux and Windows PC also belong to the corporation network (it's large). Other Linux can connect to my server on ports 80, 22 and 29418. Other ports are blocked by firewalls, which I cannot affect. Windows PC can connect to Other Linux with SSH, and probably other ports and protocols are available. I don't have neither login, nor superuser privileges on Other Linux.

My colleague, WindowsPC user, already successfully uses Putty and its SSH tunnel on port 29418 to connect to our Gerrit (which also listens on port 29418). The respective tunnel is localhost:29418 ->

My goal is to give my colleague access to www-interfaces of Gerrit and Jenkins at

I can instruct him to establish one or several more SSH tunnels to my server.
However, I guess, it also requires some tuning of nginx, because simple SSH tunnel localhost:80 -> server:80 doesn't work. Chrome complained about SSL connection timeout on attempt to connect to localhost:80.

UPDATE2: I've tried to model this setup on my PC (Windows also) and use wget from Git distro. I've also created one more location for experiments.

Here is the relevant (I hope) part of nginx config

# file nginx.conf

include /etc/nginx/conf.d/*.conf;
# ...

# file conf.d/tunnel.conf
# This server clause is contained in conf.d/tunnel.conf
server {
    listen 80;
    server_name "localhost:1234";
    server_name_in_redirect off;

    location /gerrit2 {
        proxy_set_header  X-Forwarded-For $remote_addr;
        proxy_set_header  Host $http_host;
# end of tunnel.conf

# again, file nginx.conf
server {
        listen 80 default;
        rewrite ^$request_uri permanent;

server {
    listen 80;

    location ~ "^/$" {
        rewrite / /redmine;

    location /gerrit/ {
        proxy_pass   http://localhost:8081;
        proxy_set_header  X-Forwarded-For $remote_addr;
        proxy_set_header  Host $http_host;

The output from wget -d was the following:

$ wget -d http://localhost:1234/gerrit2
DEBUG output created by Wget 1.11.4 on Windows-MSVC.

--2015-11-12 11:20:51--  http://localhost:1234/gerrit2
Resolving localhost... seconds 0.00,
Caching localhost =>
Connecting to localhost||:1234... seconds 0.00, connected.
Created socket 900.
Releasing 0x029773e8 (new refcount 1).

---request begin---
GET /gerrit2 HTTP/1.0
User-Agent: Wget/1.11.4
Accept: */*
Host: localhost:1234
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 301 Moved Permanently
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 12 Nov 2015 08:20:51 GMT
Content-Type: text/html
Content-Length: 193
Connection: keep-alive

---response end---
301 Moved Permanently
Registered socket 900 for persistent reuse.
Location: [following]
Skipping 193 bytes of body: [<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.4.6 (Ubuntu)</center>
] done.
--2015-11-12 11:20:51--
Resolving seconds 0.00,
Caching =>
Connecting to||:80... seconds 0.00, connected.
Created socket 896.
Releasing 0x02977428 (new refcount 1).

---request begin---
GET /gerrit2 HTTP/1.0
User-Agent: Wget/1.11.4
Accept: */*
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 404 Not Found
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 12 Nov 2015 08:20:51 GMT
Content-Type: text/html
Content-Length: 177
Connection: keep-alive

---response end---
404 Not Found
Disabling further reuse of socket 900.
Closed fd 900
Registered socket 896 for persistent reuse.
Skipping 177 bytes of body: [<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.4.6 (Ubuntu)</center>
] done.
2015-11-12 11:20:51 ERROR 404: Not Found.

Best Answer

Found solution. One needs to add to hosts