I installed tinyproxy 1.8.4
on a bastion host with public IP on GCP, to forward traffic to a private GKE cluster. Now I'm using ssh to connect to the bastion host with port forwarding and the connection is established correctly, however, Running local commands for example HTTPS_PROXY=localhost:8888 kubectl get pods --all-namespaces
returns this error Unable to connect to the server: Access denied
.
I also tried the same command from inside the bastion host but got the same issue.
In the log file of tinyproxy I find these entries each time I try to execute the previous command. These are the logs of tinyproxy.
CONNECT Mar 01 14:24:03 [1869]: Connect (file descriptor 7): localhost [::1]
NOTICE Mar 01 14:24:03 [1869]: Unauthorized connection from "localhost" [::1].
INFO Mar 01 14:24:03 [1869]: no entity
CONNECT Mar 01 14:24:05 [1860]: Connect (file descriptor 7): localhost [::1]
NOTICE Mar 01 14:24:05 [1860]: Unauthorized connection from "localhost" [::1].
INFO Mar 01 14:24:05 [1860]: no entity
CONNECT Mar 01 14:24:05 [1865]: Connect (file descriptor 7): localhost [::1]
NOTICE Mar 01 14:24:05 [1865]: Unauthorized connection from "localhost" [::1].
INFO Mar 01 14:24:05 [1865]: no entity
CONNECT Mar 01 14:24:06 [1862]: Connect (file descriptor 7): localhost [::1]
NOTICE Mar 01 14:24:06 [1862]: Unauthorized connection from "localhost" [::1].
INFO Mar 01 14:24:06 [1862]: no entity
CONNECT Mar 01 14:24:07 [1864]: Connect (file descriptor 7): localhost [::1]
NOTICE Mar 01 14:24:07 [1864]: Unauthorized connection from "localhost" [::1].
INFO Mar 01 14:24:07 [1864]: no entity
I'm following this guide https://github.com/GoogleCloudPlatform/gke-private-cluster-demo and I don't know where is the issue. Thank you in advance.
The issue was simpler than I thought, but this is really ambigous.
localhost
is not translated to127.0.0.1
to match the default rule in tinyproxy. I allowedlocalhost
explicitly in/etc/tinyproxy.conf
by adding the lineAllow localhost
in access control section. Restarted tinyproxy and then it is working.