Reversing SSH HTTP tunnel

Samuel ROZE samuel.roze at gmail.com
Wed Jun 8 15:01:51 CEST 2011


Hello,

I'm using Varnish as a front reverse-proxy, and it works very well. I
would like to add a new functionality: an SSH HTTP tunnel, using
"httptunnel". This is what I did:

# hts --forward-port localhost:22 2280

And, in the varnish configuration:

----------------------------------------------------------
[...]
backend hts {
  .host = "127.0.0.1";
  .port = "2280";
  .first_byte_timeout = 600s;
}

[...]
sub vcl_recv {
        if (req.http.host ~ "tunnel.example.com") {
                set req.backend = hts;
        }
[...]
        } else {
                set req.backend = nginx;
        }
}
----------------------------------------------------------

So I just want Varnish to redirect HTTP requests for
"tunnel.example.com" to the HTS backend, but it doesn't work when I
run the httptunnel client and make the SSH connection:

$ htc --forward-port 8001 tunnel.example.com:80
$ ssh root@localhost -p 8001
ssh_exchange_identification: Connection closed by remote host

------------------------------------------------------

   17 RxRequest    c POST
   17 RxURL        c /index.html?crap=1307533809
   17 RxProtocol   c HTTP/1.0
   17 RxHeader     c Host: tunnel.example.com
   17 RxHeader     c Content-Length: 102400
   17 RxHeader     c X-Forwarded-For: 10.6.2.154
   17 RxHeader     c Cache-Control: max-age=259200
   17 RxHeader     c Connection: keep-alive
   17 VCL_call     c recv
   17 VCL_return   c pass
   17 VCL_call     c hash
   17 VCL_return   c hash
   17 VCL_call     c pass
   17 VCL_return   c pass
   19 BackendOpen  b hts 127.0.0.1 35066 127.0.0.1 2280
   17 Backend      c 19 hts hts
   19 TxRequest    b POST
   19 TxURL        b /index.html?crap=1307533809
   19 TxProtocol   b HTTP/1.0
   19 TxHeader     b Host: tunnel.example.com
   19 TxHeader     b Content-Length: 102400
   19 TxHeader     b X-Forwarded-For: 10.6.2.154, X.X.X.X
   19 TxHeader     b X-Varnish: 255974636
   17 FetchError   c backend write error: 11 (Resource temporarily unavailable)
   19 BackendClose b hts
   17 VCL_call     c error
   17 VCL_return   c deliver
   17 VCL_call     c deliver
   17 VCL_return   c deliver
   17 TxProtocol   c HTTP/1.1
   17 TxStatus     c 503
   17 TxResponse   c Service Unavailable
   17 TxHeader     c Server: Varnish
   17 TxHeader     c Retry-After: 0
   17 TxHeader     c Content-Type: text/html; charset=utf-8
   17 TxHeader     c Content-Length: 418
   17 TxHeader     c Date: Wed, 08 Jun 2011 11:56:04 GMT
   17 TxHeader     c X-Varnish: 255974636
   17 TxHeader     c Age: 5
   17 TxHeader     c Via: 1.1 varnish
   17 TxHeader     c Connection: close
   17 Length       c 418
   17 ReqEnd       c 255974636 1307534159.114364386 1307534164.113938570 0.000126123 4.999477625 0.000096560
   17 SessionClose c error
------------------------------------------------------


But, when I use the HTS port number, it works:
$ htc --forward-port 8001 tunnel.example.com:2280
$ ssh root@localhost -p 8001

Do you have any idea?

Regards,
Samuel ROZE.
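
A defender-side check built from the log above, as an added example that is not part of the original post: it groups varnishlog client records by session id and reports requests that hit a FetchError or have the request shape seen in this log (POST to /index.html?crap=<digits> with Content-Length: 102400). The sample input is constructed from the post's log lines plus one made-up ordinary request, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: session 17 lines come from the post's log; session 21 is made up.
SAMPLE = """\
   17 RxRequest    c POST
   17 RxURL        c /index.html?crap=1307533809
   17 RxHeader     c Host: tunnel.example.com
   17 RxHeader     c Content-Length: 102400
   17 Backend      c 19 hts hts
   17 FetchError   c backend write error: 11 (Resource temporarily unavailable)
   17 TxStatus     c 503
   17 ReqEnd       c 255974636 1307534159.114364386 1307534164.113938570 0.000126123 4.999477625 0.000096560
   21 RxRequest    c GET
   21 TxStatus     c 200
"""
LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+([cb-])\s+(.*)$")
TUNNEL_URL = re.compile(r"^/index\.html\?crap=\d+$")  # assumption: shape seen in the post's log

def requests(text):
    """Group client-side ('c') records by session id, one dict per request."""
    pending, done = defaultdict(dict), []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(3) != "c":
            continue
        sid, tag, data = m.group(1), m.group(2), m.group(4)
        req = pending[sid]
        if tag == "RxHeader":
            name, _, value = data.partition(":")
            req.setdefault("headers", {})[name.strip().lower()] = value.strip()
        elif tag == "Backend":          # "<backend fd> <director> <backend>"
            req["backend"] = data.split()[1]
        elif tag == "ReqEnd":           # request finished; the session id may be reused
            done.append(pending.pop(sid))
        else:
            req[tag] = data
    return done + list(pending.values())

def findings(text):
    """Report requests that failed on the backend or look like tunnel traffic."""
    out = []
    for r in requests(text):
        h = r.get("headers", {})
        tunnel_like = (r.get("RxRequest") == "POST" and h.get("content-length") == "102400"
                       and bool(TUNNEL_URL.match(r.get("RxURL", ""))))
        if tunnel_like or "FetchError" in r:
            out.append({"host": h.get("host"), "backend": r.get("backend"), "tunnel_like": tunnel_like,
                        "status": r.get("TxStatus"), "error": r.get("FetchError")})
    return out
```

Calling findings(SAMPLE) returns one record, for the tunnel.example.com request routed to the hts backend; the ordinary GET is not reported.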



