Hi.
Does anyone have some ideas how to fix the return way?
Regards
Alex
On 2024-05-27 (Mon.) 09:12, Aleksandar Lazic wrote:
Hi.
I have made some progress with the feature :-)
The test setup runs in 4 shells.
# shell1: curl -vk --connect-to www.test1.com:4433:127.0.0.1:8080 -H "Host: www.test1.com" https://www.test1.com:4433
# shell2: ./haproxy -d -f examples/upstream-proxy.cfg
# shell3: sudo podman run --rm -it --name squid -e TZ=UTC -p 3128:3128 --network host ubuntu/squid
# shell4: openssl s_server -trace -www -bugs -debug -cert reg-tests/ssl/common.pem
The request reaches the s_server but I'm stuck with the return way
"connection.c:conn_recv_upstream_proxy_tunnel_response()"
Does anyone have an idea what's wrong?
Maybe it's too late for 3.0 but it would be nice to have this feature in 3.1 :-)
Regards
Alex
On 2024-05-24 (Fri.) 00:08, Aleksandar Lazic wrote:
Hi.
I have seen https://github.com/haproxy/haproxy/issues/1542 which requests
that feature.
Now I have tried to "port" the
https://github.com/brentcetinich/haproxy/commit/bc258bff030677d855a6a84fec881398e8f1e082
to the current dev branch and attached the patch.
I'm pretty sure that there are some issues in the patch and I'm happy to make
some rounds to fix the issues :-)
One question for me is, as I'm not that fit anymore in C and datatypes, does
this `0x10000` still fit into 32 bits?
```from the Patch
+++ b/include/haproxy/server-t.h
@@ -154,6 +154,7 @@ enum srv_initaddr {
#define SRV_F_NON_PURGEABLE 0x2000 /* this server cannot be removed at
runtime */
#define SRV_F_DEFSRV_USE_SSL 0x4000 /* default-server uses SSL */
#define SRV_F_DELETED 0x8000 /* srv is deleted but not yet
purged */
+#define SRV_F_UPSTREAM_PROXY_TUNNEL 0x10000 /* this server uses a upstream
proxy tunnel with CONNECT method */
```
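Review bot: the new SRV_F_UPSTREAM_PROXY_TUNNEL value 0x10000 is the first flag in this list that needs bit 16 (the preceding ones stop at 0x8000), so check the declared type of the field that stores the SRV_F_* flags, which this hunk does not show. The constant itself fits in a 32-bit integer, but if that field is a 16-bit type the bit is silently dropped on assignment and every test against it fails; widen the field in the same patch if that is the case. Minor: the comment should read "an upstream proxy tunnel".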
Another question that came up for me is: why are there no "TRACE(...)" entries in
src/connection.c, only DPRINTF?
On that note, a big thanks to brentcetinich for his great initial work on
that patch.
Regards
Alex
On 2024-05-23 (Thu.) 22:32, Aleksandar Lazic wrote:
Hi.
I follow the development more or less closely and I must say I do not always
understand all the changes :-).
Just for my clarification: is the following setup now possible with HAProxy
with all the new shiny features? :-)
client => frontend
            |
            \-> backend server dest1 IP:port
                  |
                  \-> call "CONNECT IP:PORT" on upstream proxy
                        |
                        \-> TCP FLOW to destination IP
I know there is the
http://docs.haproxy.org/2.9/configuration.html#5.2-socks4 option but sadly
not too many enterprise proxy admins offer socks4 nowadays.
I think the scenario is still not possible but I would like to have a second
pair of eyes on that.
Maybe somebody on the list has a working solution for the scenario and can
share it, maybe only via direct mail. ¯\_(ツ)_/¯
Regards
Alex
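
An added example, not part of this thread, the patch, or HAProxy: a minimal check of the upstream proxy's reply to CONNECT, the step the return path discussed above has to get through, covering partial reads and bytes that arrive right after the header. The function names and the 8192-byte cap are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CONNECT_REPLY_MAX 8192 /* assumed cap on the proxy's reply header */

/* Hypothetical helper, not HAProxy code. Inspects the bytes received so far
 * from the upstream proxy after "CONNECT host:port" was sent. Returns
 *   0  header block incomplete, caller must wait for more data
 *  -1  reply malformed, or no end of headers within CONNECT_REPLY_MAX
 *  >0  HTTP status code; *consumed is the header length, and any bytes
 *      after it already belong to the tunnelled stream (e.g. TLS). */
int connect_reply_status(const char *buf, size_t len, size_t *consumed)
{
    size_t i, end = 0;

    for (i = 0; i + 4 <= len && !end; i++)     /* look for CRLF CRLF */
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            end = i + 4;
    if (end == 0)
        return len >= CONNECT_REPLY_MAX ? -1 : 0;
    /* shortest valid reply is "HTTP/1.1 200\r\n\r\n" (16 bytes) */
    if (end < 16 || end > CONNECT_REPLY_MAX || memcmp(buf, "HTTP/1.", 7) != 0 ||
        (buf[7] != '0' && buf[7] != '1') || buf[8] != ' ' || buf[9] == '0' ||
        (buf[12] != ' ' && buf[12] != '\r'))
        return -1;
    for (i = 9; i < 12; i++)
        if (buf[i] < '0' || buf[i] > '9')
            return -1;
    *consumed = end;
    return (buf[9] - '0') * 100 + (buf[10] - '0') * 10 + (buf[11] - '0');
}

/* Any 2xx answer to CONNECT means the tunnel is established. */
int connect_tunnel_ready(int status) { return status >= 200 && status < 300; }

int main(void)
{
    /* constructed sample: proxy reply, then first tunnelled bytes */
    const char reply[] = "HTTP/1.1 200 Connection established\r\n\r\nDATA";
    size_t used = 0;
    int early = connect_reply_status(reply, 20, &used); /* partial read */
    int full = connect_reply_status(reply, sizeof(reply) - 1, &used);

    printf("early=%d full=%d leftover=%zu\n", early, full, sizeof(reply) - 1 - used);
    return !(early == 0 && connect_tunnel_ready(full));
}
```

Bytes past `*consumed` must be handed to the next layer rather than discarded, otherwise the start of the tunnelled stream is lost.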