Forward proxy through a reverse proxy

(Quentin McGaw) #1

Hi all!

I am trying to achieve something rather bizarre.

  1. I have a VPN client in a Docker container, called vpn.
  2. I have a Caddy forward proxy container, named forward, connected with --network:"container:vpn" with Caddyfile
    :9000 {
      forwardproxy {
        basicauth user pass
      }
    }
    
  3. I have another Caddy reverse proxy container, named caddy, with Caddyfile
    :9000 {
      proxy / forward:9000
    }
    
    which uses a Docker link --link="vpn:forward" to access port 9000 of forward.

My problem is that the forward proxy does not work with error ERR_PROXY_AUTH_UNSUPPORTED (on Chrome with SwitchyOmega), although it will work without the other extra Caddy reverse proxy. What am I missing here? Is this even possible?

Thanks !

(Matthew Fay) #2

I don’t think you can reverse proxy to a forward proxy… Forward proxies work a bit differently to a usual HTTP server.

What are you trying to achieve, exactly?

(Quentin McGaw) #3

I am trying to access a VPN client connection through an HTTP forward proxy.

But with the way Docker’s firewall works, it seems a reverse proxy is needed to access the ports of containers connected directly to the VPN client container (i.e. the forward proxy).

Although the forward proxy is being talked to, it doesn’t work. There may be an instruction missing in the Caddyfile of the reverse proxy?

Thanks!

(Matthew Fay) #4

No, I don’t think you can reverse proxy to a forward proxy.

A reverse proxy sends a regular HTTP request to the upstream server.

A forward proxy takes a CONNECT command, and then forwards all HTTP traffic onwards to a requested server.

The reverse proxy doesn’t know how to engage the forward proxy properly - it’s trying to get a webpage, essentially, but a forward proxy doesn’t provide one. You can’t chain them in this way. I think you should be able to chain a forward proxy into a forward proxy, though - but they wouldn’t be configured in this way, they’d just be two independent forward proxies ignorant of each other, and you’d need your own client program to handle layered forward proxies. I’d guess that the reverse proxy is producing the ERR_PROXY_AUTH_UNSUPPORTED because, well, it’s not a forward proxy.