Hi everybody,
I am trying to set-up an nginx server as http proxy for the x2go client. My x2go server is a VM on a private network 10.10.10.201. So far I have been using an ssh tunnel to reach the server from outside via ssh on the host. The host runs an nginx server that is connected to the internet. I would like to use nginx as the http proxy to the ssh instance running on the VM. However, when I set "Use proxy server for http connection" and put the host sshproxy.mydomain.com and port 80 in the client, I alwas get the error message: "Cannot connect to proxy server". Nginx does not show any access in the log. Here is my Nginx configuration:
server { listen 80; server_name sshproxy.mydomain.com;
access_log /var/log/nginx/sshproxy-access.log;
error_log /var/log/nginx/sshproxy-error.log warn;
auth_basic "Restricted";
auth_basic_user_file htpasswd;
location / {
proxy_pass http://10.10.10.201:22;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
proxy_connect_timeout 3600s;
}} Can anyone help me to get this working?
Hi,
Am 29.05.25 um 13:06 schrieb nf.xgo2025@emimx.com:
Hi everybody,
I am trying to set-up an nginx server as http proxy for the x2go client. My x2go server is a VM on a private network 10.10.10.201. So far I have been using an ssh tunnel to reach the server from outside via ssh on the host. The host runs an nginx server that is connected to the internet. I would like to use nginx as the http proxy to the ssh instance running on the VM. However, when I set "Use proxy server for http connection" and put the host sshproxy.mydomain.com and port 80 in the client, I alwas get the error message: "Cannot connect to proxy server". Nginx does not show any access in the log. Here is my Nginx configuration: <snip>
Can anyone help me to get this working?
I haven't used http proxy mode in ages, and back then, with squid rather than nginx, but it did work. Using an SSH proxy tends to work smoother, though, so that's what I'm using these days. (Curious why you want to switch from SSH to HTTP ...)
But if you're not seeing anything in the logs, it sounds like a misconfiguration of sorts.
You might want to try running X2GoClient in debug mode and also look at the output of "netstat -ant" or "ss -ant" on both the client and the proxy during your connection attempt.
You could also try to connect via your proxy using netcat or plain ssh (see <https://www.dimoulis.net/posts/ssh-over-proxy/> if you don't know how to do that). This will hopefully provide some hints as to what's going wrong.
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
Hi Stefan,
when I run x2goclient --debug, I get the following output:
x2go-INFO-1> "Starting X2Go Client 4.1.2.3..." x2go-WARNING-1> English language requested, not loading translator. x2go-WARNING-1> English language requested, not loading translator. x2go-INFO-3> "Started X2Go Client." x2go-DEBUG-../src/onmainwindow.cpp:655> "$HOME=/home/alex" x2go-DEBUG-../src/onmainwindow.cpp:2392> Reading 2 sessions from config file. x2go-DEBUG-../src/onmainwindow.cpp:13658> libssh not initialized yet. Initializing. x2go-DEBUG-../src/onmainwindow.cpp:2888> Creating QPixmap with session icon: '":/img/icons/128x128/x2gosession.png"'. x2go-INFO-8> "Starting connection to server: d.emimx.com:22" x2go-DEBUG-../src/onmainwindow.cpp:3011> Starting new ssh connection to server:"10.10.10.201":"22" krbLogin: false x2go-DEBUG-../src/sshmasterconnection.cpp:168> SshMasterConnection, host "10.10.10.201"; port 22; user "alex"; useproxy true; proxyserver "sshproxy.mydomain.com"; proxyport 80 x2go-DEBUG-../src/sshmasterconnection.cpp:248> Starting SSH connection without Kerberos authentication. x2go-DEBUG-../src/sshmasterconnection.cpp:250> SshMasterConnection, instance SshMasterConnection(0x5c61447b31d0) created. x2go-DEBUG-../src/sshmasterconnection.cpp:492> SshMasterConnection, instance SshMasterConnection(0x5c61447b31d0) entering thread. x2go-DEBUG-../src/sshmasterconnection.cpp:597> "Cannot connect to proxy server."
x2go-ERROR-2> "Connection error: Proxy: Cannot connect to proxy server." x2go-DEBUG-../src/sshmasterconnection.cpp:762> SshMasterConnection, instance SshMasterConnection(0x5c61447b31d0) waiting for thread to finish. x2go-DEBUG-../src/sshmasterconnection.cpp:764> SshMasterConnection, instance SshMasterConnection(0x5c61447b31d0) thread finished. x2go-DEBUG-../src/sshmasterconnection.cpp:769> SshMasterConnection, instance SshMasterConnection(0x5c61447b31d0) finished destructor.
It seems that the X2Go client never tries to reach the nginx server. However, the nginx server is definitely working and serving a number of websites and "reverse proxying" docker containers. When I use curl, I can reach nginx from the client computer: curl -v --user "alex:xxx" http://sshproxy.mydomain.com
- Host sshproxy.mydomain.com:80 was resolved.
- IPv6: (none)
- IPv4: xxx4
- Trying xxx...
- Connected to sshproxy.mydomain.com (xxx) port 80
- Server auth using Basic with user 'alex'
GET / HTTP/1.1 Host: sshproxy.mydomain.com Authorization: Basic xxx User-Agent: curl/8.5.0 Accept: */*
- Empty reply from server
- Closing connection curl: (52) Empty reply from server
How can I find what is going on?
Am 29.05.25 um 15:24 schrieb nf.xgo2025@emimx.com:
How can I find what is going on?
Try connecting again, and watch the output of "netstat -ant" or "ss -ant" on the client while you do. This should show if it is trying to connect to your proxy at all.
You could also post a screenshot of your session configuration.
I actually just tried connecting via a squid proxy and this still works, so it is unlikely to be a problem in X2Go's code.
My guess is that you have a subtle typo somewhere in your server name that you didn't spot when anonymizing the output.
Maybe try connecting using the Proxy IP, rather than its DNS name?
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
Hi Stefan,
the netstat -ant does not really work because it immediately finishes before I am able to start the connection in the X2Go client. I have no experience in netstat. Is there any way to run it continuously so that I can see what is happening?
I have now connected to the local lan with Wireguard and used the IP address of the host in the local lan. Unfortunately still unchanged, I do not see anything in the nginx logs. Here is a screenshot of my configuration:
Can you spot any mistakes in my configuration?
Thank you,
alex
On 5/29/25 21:30, Stefan Baur wrote:
Am 29.05.25 um 15:24 schrieb nf.xgo2025@emimx.com:
How can I find what is going on?
Try connecting again, and watch the output of "netstat -ant" or "ss -ant" on the client while you do. This should show if it is trying to connect to your proxy at all.
You could also post a screenshot of your session configuration.
I actually just tried connecting via a squid proxy and this still works, so it is unlikely to be a problem in X2Go's code.
My guess is that you have a subtle typo somewhere in your server name that you didn't spot when anonymizing the output.
Maybe try connecting using the Proxy IP, rather than its DNS name?
Kind Regards, Stefan Baur
Hi Alex,
Am 29.05.25 um 17:05 schrieb Alexander Wiegand:
the netstat -ant does not really work because it immediately finishes before I am able to start the connection in the X2Go client. I have no experience in netstat. Is there any way to run it continuously so that I can see what is happening?
If you run it immediately after your connection attempt ends, you should still see "lingering" traces of the connection, e.g. an entry that says "TIME_WAIT" or "CLOSE_WAIT" in the last column (assuming you have LANG=C set; other locale settings might change that to a different text).
You could also run something like
watch -n 1 --diff "netstat -ant | grep 192\.168\.178\.71"
which would only output lines matching the IP from your screenshot, update every second, and highlight any changes to the previous output.
I have now connected to the local lan with Wireguard and used the IP address of the host in the local lan. Unfortunately still unchanged, I do not see anything in the nginx logs. Here is a screenshot of my configuration:
Can you spot any mistakes in my configuration?
Assuming 192.168.178.71 really is the IP of your nginx proxy, it looks okay.
Could you run
nc -l -p 4223
in a terminal on the proxy, then change the port in X2GoClient from 80 to 4223 and try to connect?
If that results in some sort of output on the nc command line, it would show that you can indeed connect from X2GoClient to the proxy. That would hint at nginx doing things not the way squid does them.
Are you sure you don't have something else running on the proxy that already occupies port 80? Another nginx instance, maybe? Could you try running the particular nginx instance you want to use for proxying on port 8080, 3128, or 4223 instead, change your X2GoClient config accordingly, and see if that changes anything?
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
You need to use Wireshark. netstat is only for looking at what ports are open in that instant.
From: Alexander Wiegand <alex@emimx.com> Sent: Thursday, May 29, 2025 10:05 AM To: x2go-user@lists.x2go.org <x2go-user@lists.x2go.org> Subject: [X2Go-User] Re: http proxy server for X2Go client
Hi Stefan,
the netstat -ant does not really work because it immediately finishes before I am able to start the connection in the X2Go client. I have no experience in netstat. Is there any way to run it continuously so that I can see what is happening?
I have now connected to the local lan with Wireguard and used the IP address of the host in the local lan. Unfortunately still unchanged, I do not see anything in the nginx logs. Here is a screenshot of my configuration: [cid:part1.OEQayoN9.Hso7V6md@emimx.com]
Can you spot any mistakes in my configuration?
Thank you,
alex
On 5/29/25 21:30, Stefan Baur wrote: Am 29.05.25 um 15:24 schrieb nf.xgo2025@emimx.com<mailto:nf.xgo2025@emimx.com>: How can I find what is going on?
Try connecting again, and watch the output of "netstat -ant" or "ss -ant" on the client while you do. This should show if it is trying to connect to your proxy at all.
You could also post a screenshot of your session configuration.
I actually just tried connecting via a squid proxy and this still works, so it is unlikely to be a problem in X2Go's code.
My guess is that you have a subtle typo somewhere in your server name that you didn't spot when anonymizing the output.
Maybe try connecting using the Proxy IP, rather than its DNS name?
Kind Regards, Stefan Baur
Am 29.05.25 um 17:33 schrieb Thackeray, Neil L:
You need to use Wireshark. netstat is only for looking at what ports are open in that instant.
Bzzt wrong. While Wireshark, if you know how to use it, will provide this info as well, netstat will do the same. We're talking TCP here, so successful connections, even if terminated, will linger around for a while in a "TIME_WAIT" or "CLOSE_WAIT" state.
Similarly, if you try to connect to the wrong IP (as in, there's no device at all under that IP), you'll see a "SYN_SENT" state via netstat.
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
- On 5/29/25 13:06, nf.xgo2025@emimx.com wrote:
I am trying to set-up an nginx server as http proxy for the x2go client. My x2go server is a VM on a private network 10.10.10.201. So far I have been using an ssh tunnel to reach the server from outside via ssh on the host. The host runs an nginx server that is connected to the internet. I would like to use nginx as the http proxy to the ssh instance running on the VM. However, when I set "Use proxy server for http connection" and put the host sshproxy.mydomain.com and port 80 in the client, I alwas get the error message: "Cannot connect to proxy server". Nginx does not show any access in the log. Here is my Nginx configuration:
Are you positive that the client can reach the HTTP proxy server?
That doesn't seem to be the case, so check if you can reach http://sshproxy.mydomain.com(:80) via a web browser or other means, such as telnet or netcat.
Try giving it:
CONNECT 10.10.10.201:22 HTTP/1.1 Host: 10.10.10.201
if you can connect via nc/telnet.
Given that the message you get is "Cannot connect to proxy server", though, it seems that your client cannot reach the proxy server - further reinforced by your nginx logs staying empty.
Mihai
Hi Mihai, I can reach the VM from the host with ssh 10.10.10.201. Nginx runs on the same host. When I open: http://sshproxy.mydomain.com in my browser I get first the popup for username and password because of the Basic Authentication and then the following error message: This page isn’t working sshproxy.emimx.com didn’t send any data. ERR_EMPTY_RESPONSE
In order to double-check that nginx can reach the VM I startet python3 -m http.server 8000 in the VM and changed in nginx the line: proxy_pass http://10.10.10.201:22; to proxy_pass http://10.10.10.201:8000; I get the python Directory web-server message: listing for / LICENSE-APACHE LICENSE-MIT README.md static-web-server on my browser and the python webserver shows successful connect from the host: Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ... 10.10.10.1 - - [29/May/2025 14:37:45] "GET / HTTP/1.1" 200 - 10.10.10.1 - - [29/May/2025 14:45:46] "GET / HTTP/1.1" 200 - 10.10.10.1 - - [29/May/2025 14:45:46] code 404, message File not found 10.10.10.1 - - [29/May/2025 14:45:46] "GET /favicon.ico HTTP/1.1" 404 - 10.10.10.1 - - [29/May/2025 14:45:55] "GET /static-web-server HTTP/1.1" 200 - 10.10.10.1 - - [29/May/2025 14:46:37] "GET / HTTP/1.1" 200 - So the client can connect to the proxy and the proxy can reach http on port 8000 in the VM. Is the problem that nginx tries to reach ssh on port 22 with the http protocol? Thank you, alex
-
Alexander Wiegand -
Mihai Moldovan -
nf.xgo2025@emimx.com -
Stefan Baur -
Thackeray, Neil L