Implementing CONNECT in nginx

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Implementing CONNECT in nginx

Thomas Glanzmann
Hello everyone,
I would like to extend nginx with a CONNECT statement which connects to
a TCP socket. Could someone walk me through which source files I need to
modify and which fucntions I should have a look at?

Or if there is anything else that can give me a quickstart?

My use case is that I would like to share one tcp port between a
webserver that I already have and a SSL VPN. The SSL VPN does the
following:

CONNECT /CSCOSSLC/tunnel HTTP/1.1
Host: lync.gmvl.de
User-Agent: Cisco AnyConnect VPN Agent for Windows 3.0.07059
Cookie: webvpn=02F9D1@12288@188C@D7B405A4A46480CF364F1A6FD51998A0025DC727
X-CSTP-Version: 1
X-CSTP-Hostname: lenovo
X-CSTP-MTU: 1306
X-CSTP-Address-Type: IPv6,IPv4
X-DTLS-Master-Secret: D40F07275F15A18F5872905B79FDAC4FD8C33EA13503DF29878C10FE6DA1D025B1128C66AB06E3EB1CEBBBFFF00CBC08
X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
X-DTLS-Accept-Encoding: lzs
X-CSTP-Accept-Encoding: lzs,deflate
X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.

References:
http://www.infradead.org/ocserv/
http://article.gmane.org/gmane.network.vpn.openconnect.devel/1040

Cheers,
        Thomas

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Implementing CONNECT in nginx

Thomas Glanzmann
Hello,

* Thomas Glanzmann <[hidden email]> [2014-01-22 16:15]:
> I would like to extend nginx with a CONNECT statement which connects to
> a TCP socket. Could someone walk me through which source files I need to
> modify and which fucntions I should have a look at?

to answer my own question. The websocket implementation. Diff between
1.3.12 and 1.3.13 comes very close to what I'm looking for.

Cheers,
        Thomas

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

答复: Implementing CONNECT in nginx

卫越
I think this meets your requirement
https://github.com/alibaba/tengine/pull/335/files

-----邮件原件-----
发件人: [hidden email] [mailto:[hidden email]] 代表 Thomas
Glanzmann
发送时间: 2014年1月23日 4:48
收件人: [hidden email]
抄送: [hidden email]
主题: Re: Implementing CONNECT in nginx

Hello,

* Thomas Glanzmann <[hidden email]> [2014-01-22 16:15]:
> I would like to extend nginx with a CONNECT statement which connects to
> a TCP socket. Could someone walk me through which source files I need to
> modify and which fucntions I should have a look at?

to answer my own question. The websocket implementation. Diff between
1.3.12 and 1.3.13 comes very close to what I'm looking for.

Cheers,
        Thomas

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Implementing CONNECT in nginx

Thomas Glanzmann
In reply to this post by Thomas Glanzmann
Hello Nickos,
antoher way would be the SNI to distinguish. It would be nice to have
SNI proxy support in NGINX. However there is a third party proxy which
probably already does the job:

https://github.com/dlundquist/sniproxy

I'll test it later after I bisected the problem with anyconnect.

Cheers,
        Thomas

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx