Forum Discussion

pepito's avatar
pepito
Icon for Altocumulus rankAltocumulus
Sep 14, 2022
Solved

How to tell nginx to use another proxy to reach destination server ?

Hello.

I create this discussion because of the following problem I'm encountering.

Here is the situation :

  • I have multiple servers which are in a secure network zone
  • I have another server where nginx is installed
  • The NGINX server has access to a remote destination (a gitlab) through a proxy

So the flow is the following : Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab in another network zone.

Is it possible to tell nginx to use this "squid-proxy" to reach the gitlab server, please ?

For the moment, I have this configuration :

 

 

 

 

 

server {
  listen 443 ssl;
  server_name <ALIAS DNS OF NGINX SERVER>;

  ssl_certificate /etc/nginx/certs/mycert.crt;
  ssl_certificate_key /etc/nginx/certs/mykey.key;
  ssl_session_cache shared:SSL:1m;
  ssl_prefer_server_ciphers   on;

  access_log /var/log/nginx/mylog.access.log;
  error_log  /var/log/nginx/mylog.error.log debug;

  location / {
    proxy_pass https://the-gitlab-host:443;
  }
}

 

 

 

 

 

But it does not work. When I try to perform a git command from a server in secure zone, it fails and in the nginx logs I see a timeout, which is normal, because nginx does not use the squid proxy to reach the gitlab server.

Thank you in advance for your help !

Best regards.

  • Could you elaborate a bit more?

    Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab

    Are you suggesting that traffic passing through a reverse proxy (nginx) needs to pass through a forward proxy (squid) to get to an internal resource? And if so, an explicit forward proxy?

     

3 Replies

  • Could you elaborate a bit more?

    Servers in secure zone --> Server Nginx --> squid-proxy --> an internal gitlab

    Are you suggesting that traffic passing through a reverse proxy (nginx) needs to pass through a forward proxy (squid) to get to an internal resource? And if so, an explicit forward proxy?

     

  • Hello Kevin.

    Sorry for the delay of my answer.

    Yes, I am using nginx as a reverse proxy.

    To reach the gitlab specific destination, it needs to use a forward proxy and I don't know how to configure that. Do you know how to do it ?

    Thanks in advance.

  • hmi's avatar
    hmi
    Icon for Nimbostratus rankNimbostratus

    I have a similar requirement, the Nginx has to go through a Squid HTTP proxy to access the target destination.

    how to configure it?

     

    Thank you.