redirect all web traffic from network through proxy server to a specific URL

qwerewq · 11-26-2018, 09:15 AM

I have a network env, which has outgoing traffic using proxy only.

I want to create some sort of "unproxying GW" for my specific internal network.

I am okay to use any Linux based solution for this, such as nginx/apache, HAproxy, squid, iptables or any other.

Infra:

Code:

gw: 10.1.1.1
dns: 10.2.1.1
proxy: www-proxy.xxx

my server **with** ability to use proxy: 10.1.1.4
My server **without** proxy, but able to access 10.1.1.4 any port: 10.1.1.111

In the end I would like to request: http://10.1.1.4/subdir/file > which would go to http://www.museum/subdir/file over www-proxy.xxx (what is squid, if that matters).

any ideas?

----

for nginx, it is easy to make redirection to some specific URL, but how to set it to use proxy... that is most interesting thing I cannot get.

---

Small update:

App I am trying to use is:

Code:

screen -S vm virt-install --name VM --vcpus 4 --memory 4096 --location http://mirror.centos.org/centos-7/7/os/x86_64/
 --os-variant rhel7 --network network=mgmtbr,model=virtio --disk vol=LVM-pool/vmvol,device=disk,bus=virtio --virt-type kvm --graphics none --console pty --extra-args "console=ttyS0 ip=10.1.1.111::10.1.1.1:255.255.255.0:sel:eth0:none nameserver=10.1.1.1 nameserver=10.1.1.2 inst.proxy='http://www-proxy.xxx:8080/' inst.cmdline"

I do not want to install GUI to set it up.
It fails when trying to get "http://mirror.centos.org/centos-7/7/os/x86_64/LiveOS/squashfs.img", I think in between stage1 and stage2? looks like inst.proxy='http://www-proxy.xxx:8080/' is not set, but I can see IP there...

qwerewq · 11-27-2018, 10:03 AM

I am trying to use nginx here.

I use following additions to default centos config:

Code:

...
http {
    upstream centos {
        server mirror.centos.org;
    }
    resolver 10.2.1.1;
    resolver_timeout 5s;
...
        location / {
            proxy_request_buffering off;
#           proxy_redirect      http://127.0.0.1:8080 https://;
            proxy_pass http://mirror.centos.org/$uri$is_args$args; # used proxy_pass http://centos$uri$is_args$args;
            proxy_redirect http://www-proxy.xxx:8080/ /;
        }
...

cat /var/log/nginx/error.log output:

Code:

2018/11/27 16:59:51 [error] 47525#0: *1 upstream timed out (110: Connection timed out) while connecting to upstream, client: 127.0.0.1, server: _, request: "GET /centos-7/7/os/x86_64/ HTTP/1.1", upstream: "http://88.150.173.210:80//centos-7/7/os/x86_64/", host: "127.0.0.1"

And Curl output:

Code:

curl -v  http://127.0.0.1/centos-7/7/os/x86_64/
* About to connect() to 127.0.0.1 port 80 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /centos-7/7/os/x86_64/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1
> Accept: */*
>
< HTTP/1.1 504 Gateway Time-out
< Server: nginx/1.12.2
< Date: Tue, 27 Nov 2018 15:57:29 GMT
< Content-Type: text/html
< Content-Length: 3693
< Connection: keep-alive
...

it looks like as I expect it to be, but now need to redirect nginx request to proxy server.
Have had idea on using systemd env variable, but not sure if I set it right or nginx ignores it...
Maybe nginx proxy_pass headers variables, but not sure how to... any ideas?

qwerewq · 11-27-2018, 10:40 AM

with haproxy I hit a different issue, but still no result achieved:
I have haproxy config:

Code:

frontend www-proxy
    bind *:80
    log global
    mode http
    use_backend         proxy-squid
    default_backend     proxy-squid

backend proxy-squid
    mode http
    option forwardfor
    option http-server-close
    server seliproxy www-proxy.xxx:8080

Yes, it redirects to proxy, but how to say proxy to fetch data from required url?!

qwerewq · 11-27-2018, 12:12 PM

A workaround, which I am not happy, to place centos iso to the http, to fetch squashfs.img and continue with installation... but I do not like it...