Hello, I have a situation where the web client is making an HTTPS requestl, which is received by NGINX, which then needs to forward it to an HTTP proxy using CONNECT, which then forwards the HTTPS request to the Web Server. I am having no luck in finding ways for NGINX to act as a PROXY Client to the Proxy Server. I find no way of specifying a proxy server and port. If I just use proxy_pass from NGINX → proxy server, it uses GET/POST/or whatever and doesn’t use CONNECT which the Proxy Server is expecting. To me it seems like it should be a very common use case, but I can’t seem to find a solution for it. I know that stream can allow a client to send CONNECT request and NGINX can act as a dumb proxy BUT in this case NGINX need to be the client for the proxy.
Any advice?
Heya @greekhero!
NGINX does not support being used as a forward proxy, and thus does not support the CONNECT method. There is an open PR to add support for it (HTTP CONNECT proxy. by arut · Pull Request #707 · nginx/nginx · GitHub) but there is no ETA for it being merged and released.
A quick search also shows some community modules that add support for the method (e.g. GitHub - chobits/ngx_http_proxy_connect_module: A forward proxy module for CONNECT request handling) but these are not supported by NGINX so if something doesn’t work, you would be on your own.
Hi Alessandro, thank you for your quick reply. I think both the suggestions you provided aim to support NGINX being used as a forward proxy “server”, meaning that it can officially support the forward proxy using http/https. However, that could already be attained by using stream. My issue is that I need the NGNIX to ACT as a proxy client AND forward the request to a Forward Proxy and speak CONNECT with the forward proxy. Which it can’t in any of the examples.
This is a shame because NGINX does everything, all proxy_pass needs to do is to:
- IF connect is specified, look for a say proxy_forward_host and proxy_forward_port and before proxying the actual request connect to $proxy_forward_host on proxy_forward_port instead of $host and $port
- Once connected send:
CONNECT $scheme://$host:$port$request_uri
- If 200 received from next proxy, resume normal proxy_pass operation; otherwise, fail
Like I said, NGINX does not support the CONNECT method at this point. And it will only support it once the PR I linked gets merged and released. If you have any thoughts on the implementation or would like to see further features developed, I’d suggest commenting on the PR or opening a new feature request 
OK, thats disappointing because it really cripples NGINX. The PR 707 doesn’t really serve any purpose as that can be accomplished today using stream.
Feel free to open a feature request on GitHub!