New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use mitmproxy behind reverse proxy #4963
Comments
Hello Sir, I had a few questions regarding this issue if you don't mind.
|
So basically I want to be able to have nginx redirect requests for https://mitm.proxy to https://127.0.0.1:$PORT, where mitmproxy is, decrypting traffic |
Ok Sir, So the first case. I did a quick lookup in the docs and found #reverse-proxy feature documentation. Does this meet your needs or is it that we are trying to use Nginx specifically? |
Doesn't this mean that |
Oh, Yes apparently. My bad. I think I just understood what you're trying to achieve. You want all requests to You can achieve so using a simple hostfile addition / iptables rule so that |
No, the problem is, that mitmproxy is not running on port 80/443, but on 2222, so basically, I want to use mitmproxy in a virtual hosts, funneling data from port 80 to 2222 if the host name matches |
Ok. Please try if the below configuration works for you. server {
listen 80 ssl http2;
server_name mitm.proxy;
# un-comment if using port 443 / SSL
# also place certificates in target location
#ssl_certificate /etc/nginx/mitm/certchain.pem;
#ssl_certificate_key /etc/nginx/mitm/mycert.private.pem;
location / {
# SSL use case
#proxy_pass https://localhost:2222;
proxy_pass http://localhost:2222;
}
} This configuration runs nginx on port 80 with SSL and HTTP2 support (optional). We then proxy all requests (all locations |
This is exactly what I have, and it doesn't work. |
For example, using |
Ah, figured it out: |
Oh!, Great to hear that It's solved 😆. I think one of the reasons could be that SSL certs are made for 127.0.0.1 and not localhost. You may now close the issue when you feel. Happy to help :) |
Of course, this is a problem for me: I guess one way would be to basically move my virtual hosts to |
For nginx Hope this helps 😄 |
Perfect, just one last question: if I specify |
Do you intend to use |
No, just a wildcard, matching |
Ok, this should normally work on nginx. I'd need to have a look. could you please send me your nginx config please? |
|
Ok. I can't seem to find anything wrong with the Nginx config on a quick look. According to the nginx domain matching documentation, Nginx supports wildcard domain matches. I would suggest trying |
That also did not work -- I just gave up and put |
Ok. Do the other proxies except for that work? |
If I use |
have you configured Nginx to use SSL and SSL certs properly? cause it might be trying to reach HTTPS. |
Yes, removing the proxy causes https to work perfectly fine. |
It seems that because mitmproxy is behind nginx, all requests are going through nginx. For some reason, nginx isn't just ignoring the requests though and let them go through. |
Firstly make sure Nginx is running. To run any server on port 80 / 443 you need to run with admin permissions. Turn on Nginx logging to stdout. |
I already have NGINX running, that's why I'm able to see in the error
messages that the proxy requests are going through NGINX.
…On Thu, Dec 9, 2021, 12:13 AM Cypherpunk Samurai ***@***.***> wrote:
It seems that because mitmproxy is behind nginx, all requests are going
through nginx. For some reason, nginx isn't just ignoring the requests
though and let them go through.
Firstly make sure Nginx is running. To run any server on port 80 / 443 you
need to run with admin permissions. Turn on Nginx logging to stdout.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#4963 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ALXWUYF3ZQ4TPDKWEGTJOPLUQA3GBANCNFSM5I2YWFQA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
I recently changed my |
Can you send an example of this 'Host' configuration inside the nginx.conf ? we encounter Error: tunneling socket could not be established, statusCode=400 when going via nginx( dns entry reverse proxy ) to mitm ( dump ) to requested backend. When using it mitm :8443 there isnt any problem |
Yeah, I realized that it's because nginx doesn't support forward proxing. |
So it didn't works at all m or can you clarify more ? |
It doesn't work at all -- I just gave up on it. |
I have come back to this issue, because trying with Caddy's |
I got it to work by first compiling
|
Problem Description
I currently have mitmproxy running on port 2010. However, I want to also be able to access under a host name, like
mitmproxy.test
Proposal
Access mitmproxy from
https://$DOMAIN.$TLD
Alternatives
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the proposal here.
The text was updated successfully, but these errors were encountered: