Multiple "channels" on forwarded port (with a ssh-reverse-tunnel behind)

Ajay Garg
Hi All.

Let's say, we have a server-block like

########################################################################
server {
    listen 2001 ssl;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location / {
        auth_basic 'Restricted';
        auth_basic_user_file /home/20da689b45c84f2b80bc84d651ed573f/.htpasswd;

        if ($remote_user = "20da689b45c84f2b80bc84d651ed573f") {
            proxy_pass https://127.0.0.1:2000;
        }
    }
}
########################################################################


and when a user opens the browser window, she authenticates and is appropriately forwarded to port 2000 on the server.
This port (2000) is in a LISTENING state on the server, created via a ssh-reverse-tunnel, through the command

            sshpass -p password ssh -N -R 0.0.0.0:2000:192.168.1.1:443 [hidden email]

from the remote-machine.

Things work fine if only one user is forwarded to port 2000.
However, I observe that if a second user logs into the server and provides the same auth-credentials, a 502-Bad-Gateway error is observed 99% of the time.

Is this expected?
Does the forwarding over a ssh-reverse-tunnelled-port work reliably only if one user is forwarded to the port?

I am sorry if I am posting to the wrong list, not sure if this is a question related to nginx or ssh-reverse-tunnelling in general.
Will be great to hear thoughts/experiences from the experts.


Thanks and Regards,
Ajay


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Re: Multiple "channels" on forwarded port (with a ssh-reverse-tunnel behind)

Ajay Garg
Sorry for the idiotic question.

Just checked, multiple sockets are created on each side of the ssh-reverse tunnel.
So, seems the 502-Bad-Gateway error is due to other (network-slowness) issues.

Sorry again.


Thanks and Regards,
Ajay

On Wed, Apr 12, 2017 at 12:38 PM, Ajay Garg <[hidden email]> wrote:
Hi All.

Let's say, we have a server-block like

########################################################################
server {
    listen 2001 ssl;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location / {
        auth_basic 'Restricted';
        auth_basic_user_file /home/20da689b45c84f2b80bc84d651ed573f/.htpasswd;

        if ($remote_user = "20da689b45c84f2b80bc84d651ed573f") {
            proxy_pass https://127.0.0.1:2000;
        }
    }
}
########################################################################


and when a user opens the browser window, she authenticates and is appropriately forwarded to port 2000 on the server.
This port (2000) is in a LISTENING state on the server, created via a ssh-reverse-tunnel, through the command

            sshpass -p password ssh -N -R 0.0.0.0:2000:192.168.1.1:443 [hidden email]

from the remote-machine.

Things work fine if only one user is forwarded to port 2000.
However, I observe that if a second user logs into the server and provides the same auth-credentials, a 502-Bad-Gateway error is observed 99% of the time.

Is this expected?
Does the forwarding over a ssh-reverse-tunnelled-port work reliably only if one user is forwarded to the port?

I am sorry if I am posting to the wrong list, not sure if this is a question related to nginx or ssh-reverse-tunnelling in general.
Will be great to hear thoughts/experiences from the experts.


Thanks and Regards,
Ajay




--
Regards,
Ajay
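
The socket check mentioned in the reply can be reproduced by summarising `ss -tan` output for the tunnel port. The following is an added example, not part of the original posts; `tunnel_summary` and the sample output are constructed for illustration. It also reports whether port 2000 listens on loopback or on all interfaces: sshd honours the `0.0.0.0` bind address in `-R` only when `GatewayPorts` permits it, and a wildcard listener is reachable without passing through the `auth_basic` check on port 2001.

```shell
# Added example: summarise `ss -tan` output for the reverse-tunnel port.
# SAMPLE_SS is constructed for illustration, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:2000        0.0.0.0:*
LISTEN 0      128    0.0.0.0:2001        0.0.0.0:*
ESTAB  0      0      127.0.0.1:2000      127.0.0.1:51514
ESTAB  0      0      127.0.0.1:51514     127.0.0.1:2000
ESTAB  0      0      127.0.0.1:2000      127.0.0.1:51520
ESTAB  0      0      127.0.0.1:51520     127.0.0.1:2000'

# tunnel_summary PORT   (reads `ss -tan` text on stdin)
# Prints: listen=<loopback|wildcard|other|none> established=<count>
# "established" counts sockets whose local port is PORT, i.e. one per
# connection that sshd accepted on the forwarded port.
tunnel_summary() {
  awk -v port="$1" '
    function portof(a,  n, p) { n = split(a, p, ":"); return p[n] }
    function hostof(a) { sub(/:[^:]*$/, "", a); return a }
    BEGIN { bind = "none"; est = 0 }
    NR == 1 && $1 == "State" { next }      # header line
    portof($4) != port { next }            # only sockets local to PORT
    $1 == "LISTEN" {
      h = hostof($4)
      if (h == "0.0.0.0" || h == "*" || h == "[::]") bind = "wildcard"
      else if (bind != "wildcard" && (h == "127.0.0.1" || h == "[::1]")) bind = "loopback"
      else if (bind == "none") bind = "other"
    }
    $1 == "ESTAB" { est++ }
    END { printf "listen=%s established=%d\n", bind, est }
  '
}

# On a live host: ss -tan | tunnel_summary 2000
printf '%s\n' "$SAMPLE_SS" | tunnel_summary 2000
```

Two established sockets on port 2000 correspond to two simultaneous connections from nginx through the tunnel; `listen=wildcard` means the forwarded port should be rebound to `127.0.0.1` or firewalled.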
