Informatics

nginx as reverse-proxy for amule web gui and… spdy

I was trying to use the amule web gui (amuleweb) via a reverse-proxy:

amule’s web administration is accessed by default on http://myserver:4711

If you have many other webs running on a server it’s always better to let them choose their port numbers and later use nginx to access them all via a unique and easy web access based on url paths easier to remember – for example: http://myserver/amuleweb for amuleweb, http://myserver/myservice1 for service1, etc…

This way all that port numbers are hidden to internet and only port 80/443 is need to be opened in your firewall.

Nonetheless, this time amule reverse-proxy conf in nginx wasn’t very fructifying… even though configuration isn’t complex:

upstream amule {
server 127.0.0.1:4711;
keepalive 4;
}

# amule proxy
location /amule/ {
proxy_pass http://amule/;
}

amule showed always the login web page… even after adding Host and Connection headers just in case amule were specially punctilious about these details – which would be strange in any case…

What went wrong here?

I had to use a network sniffer (thanx tcpdump!) to see what happened…

It’s curious… but the failure was a combination of factors:

  • my nginx server is crafted to support the spdy protocol (I had to recompile nginx to support it)
  • browsers that support SPDY (Chrome, Firefox) change (some?) headers to lower case.

In this case the changed http header is “Cookie: ” !

The value is sent as “cookie: ” and though http headers are case insensitive, amuleweb is not!

amuleweb is a full fledged web server and… has the value of the header set as “Cookie: “, so any other value is discarded… and that is interpreted by amuleweb as an incorrect authentication, so the login page is showed again… and a new cookie is sent because there was no cookie set, in fact!

Maybe amuleweb code could be patched… probably this would be enough:

char *current_cookie = strstr(pHeader, Cookie: );
+         if ( current_cookie == NULL ) {
+             *current_cookie = strstr(pHeader, “cookie: “);
+         }

In the meantime a solution for nginx as reverse-proxy for amule is:

# amule proxy
location /amule/ {
proxy_set_header Cookie amuleweb_session_id=$cookie_amuleweb_session_id;
proxy_pass http://amule/;
}

We’ll have to wait for nginx to support the sanctified spdy (http/2) by the end of 2015. So then we’ll start to see if these lowercase changes on http headers cause hilarious errors on (crafted) web services which do not correctly implement HTTP.

:-o

Advertisements

3 thoughts on “nginx as reverse-proxy for amule web gui and… spdy

  1. I have similar issue without reverse proxy, everything functions, except amuleweb login, it flips back half of the time to the login. I will try to change Cookie but first I will clean my cookies …who knows..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s