Hacker-Software
/
https-proxy-with-self-signed-cert
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix proxy: add buffers, timeouts, WebSocket map, logging, SSL passthrough 

- Add proper proxy buffer sizes for large responses/headers
- Add connect/send/read timeouts
- Use connection_upgrade map for proper WebSocket handling
- Add access_log/error_log to dynamic server blocks
- Disable proxy_ssl_verify for HTTPS backend targets
- Add X-Forwarded-Host/Port headers
- Remove client_max_body_size limit

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Stefan Hacker 2026-04-09 16:18:12 +02:00
parent e147d4f670
commit aec06591d5
1 changed files with 56 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
app/app.py
View File

@ -39,10 +39,56 @@ def save_config(config):
json.dump(config, f, indent=2) json.dump(config, f, indent=2)
def _proxy_location_block(target_scheme, upstream_name):
"""Generate proxy location block with all necessary directives."""
return f""" location / {{
proxy_pass {target_scheme}://{upstream_name};
# Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 120s;
proxy_read_timeout 120s;
# Buffers
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# Don't limit upload size
client_max_body_size 0;
# Pass redirects through
proxy_redirect default;
# Disable SSL verification for HTTPS targets
proxy_ssl_verify off;
}}"""
def generate_nginx_config(config): def generate_nginx_config(config):
"""Generate nginx upstream/server blocks from config.""" """Generate nginx upstream/server blocks from config."""
lines = [] lines = []
# Connection upgrade map for WebSocket support
lines.append("map $http_upgrade $connection_upgrade {")
lines.append(" default upgrade;")
lines.append(" '' close;")
lines.append("}")
lines.append("")
for i, target in enumerate(config.get("targets", [])): for i, target in enumerate(config.get("targets", [])):
name = target.get("name", f"target_{i}") name = target.get("name", f"target_{i}")
target_host = target.get("target_host", "") target_host = target.get("target_host", "")
@ -60,6 +106,8 @@ def generate_nginx_config(config):
lines.append("}") lines.append("}")
lines.append("") lines.append("")
location_block = _proxy_location_block(target_scheme, upstream_name)
# Domain-based routing # Domain-based routing
if domains: if domains:
for domain_entry in domains: for domain_entry in domains:
@ -75,16 +123,10 @@ def generate_nginx_config(config):
lines.append(" ssl_certificate_key /certs/server.key;") lines.append(" ssl_certificate_key /certs/server.key;")
lines.append(" ssl_protocols TLSv1.2 TLSv1.3;") lines.append(" ssl_protocols TLSv1.2 TLSv1.3;")
lines.append("") lines.append("")
lines.append(f" location / {{") lines.append(f" access_log /var/log/nginx/access.log main;")
lines.append(f" proxy_pass {target_scheme}://{upstream_name};") lines.append(f" error_log /var/log/nginx/error.log warn;")
lines.append(" proxy_set_header Host $host;") lines.append("")
lines.append(" proxy_set_header X-Real-IP $remote_addr;") lines.append(location_block)
lines.append(" proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;")
lines.append(" proxy_set_header X-Forwarded-Proto $scheme;")
lines.append(" proxy_http_version 1.1;")
lines.append(' proxy_set_header Upgrade $http_upgrade;')
lines.append(' proxy_set_header Connection "upgrade";')
lines.append(" }")
lines.append("}") lines.append("}")
lines.append("") lines.append("")
@ -98,16 +140,10 @@ def generate_nginx_config(config):
lines.append(" ssl_certificate_key /certs/server.key;") lines.append(" ssl_certificate_key /certs/server.key;")
lines.append(" ssl_protocols TLSv1.2 TLSv1.3;") lines.append(" ssl_protocols TLSv1.2 TLSv1.3;")
lines.append("") lines.append("")
lines.append(f" location / {{") lines.append(f" access_log /var/log/nginx/access.log main;")
lines.append(f" proxy_pass {target_scheme}://{upstream_name};") lines.append(f" error_log /var/log/nginx/error.log warn;")
lines.append(" proxy_set_header Host $host;") lines.append("")
lines.append(" proxy_set_header X-Real-IP $remote_addr;") lines.append(location_block)
lines.append(" proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;")
lines.append(" proxy_set_header X-Forwarded-Proto $scheme;")
lines.append(" proxy_http_version 1.1;")
lines.append(' proxy_set_header Upgrade $http_upgrade;')
lines.append(' proxy_set_header Connection "upgrade";')
lines.append(" }")
lines.append("}") lines.append("}")
lines.append("") lines.append("")