Log upstream requests Nginx reverse proxy

5
votes

I've built and configured a Nginx reverse proxy server.

I've got logging set to include $upstream_http_location and other various variables.

The server that I'm proxying to does not return a location header which means that my $upstream_http_location doesn't return anything.

I'd like to log my upstream request so that I'm able to see in logs what request I'm making to the upstream servers.

I'd like to know if there is a simple way to go about logging outbound requests made by Nginx without creating lua scripts, or if a lua script is the best way to go about this could someone provide direction in my search?

2
loggingnginxproxylua
"location" field in HTTP response header? This field usually means the new url that shoud be redirected to. If not 301 or 302, this filed should not have value. Have you tried $upstream_address?TroyCheng

2 Answers

0
votes

I have the same issue 5 years later If it can't be done in nginx, I suggest using mitmproxy, but as nginx do not handle outgoing proxy, i'll have to use another tunnel binary to do it.

I used socat, but i think stunnel if fine too. Here is a sample of my nginx configuration

proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header Host-Real-IP  $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-Pcol http;

        proxy_intercept_errors on;
        proxy_pass https://127.0.0.1:9090/;
        #127.0.0.1:9090 is the adress on which socat is listening
        #
        proxy_set_header Host [remote_host];
        proxy_redirect https://[remote_host]/ https://[nginx_hostname]/;

Here is my script for socat, which must be running on the nginx server in my example.

proxy=mitmproxy_address
proxyport=mitmproxy_port
forwarded_ip=your_server_address
forwarded_port=your_server_address_port

socat TCP4-LISTEN:9090,reuseaddr,fork PROXY:$proxy:$forwarded_ip:$forwarded_port,proxyport=$proxyport

As for mitmproxy, you should look at tutorial to understand how it works. You can start with :

mitmproxy -p 8888

You can use the --insecure option if your server is self signed

-1
votes

On Windows, the best approach I've found so far is to use Wireshark, which captures all the traffic on an interface.

If the server is listening on the loopback address only, Wireshark won't help (this applies to ASP.NET development server). In this case, TcpTrace helps by tunneling all TCP traffic from one port to another.

(TcpTrace can also log all the traffic, and might be sufficient on its own, without Wireshark).

Not sure if this helps since you didn't specify the operating system.