3

I installed tinyproxy 1.8.4 on a bastion host with a public IP on GCP to forward traffic to a private GKE cluster. I'm now using ssh to connect to the bastion host with port forwarding, and the connection is established correctly. However, running local commands, for example HTTPS_PROXY=localhost:8888 kubectl get pods --all-namespaces, returns this error: Unable to connect to the server: Access denied.

I also tried the same command from inside the bastion host but got the same issue.

In the log file of tinyproxy I find these entries each time I try to execute the previous command. These are the logs of tinyproxy.

CONNECT   Mar 01 14:24:03 [1869]: Connect (file descriptor 7): localhost [::1]
NOTICE    Mar 01 14:24:03 [1869]: Unauthorized connection from "localhost" [::1].
INFO      Mar 01 14:24:03 [1869]: no entity
CONNECT   Mar 01 14:24:05 [1860]: Connect (file descriptor 7): localhost [::1]
NOTICE    Mar 01 14:24:05 [1860]: Unauthorized connection from "localhost" [::1].
INFO      Mar 01 14:24:05 [1860]: no entity
CONNECT   Mar 01 14:24:05 [1865]: Connect (file descriptor 7): localhost [::1]
NOTICE    Mar 01 14:24:05 [1865]: Unauthorized connection from "localhost" [::1].
INFO      Mar 01 14:24:05 [1865]: no entity
CONNECT   Mar 01 14:24:06 [1862]: Connect (file descriptor 7): localhost [::1]
NOTICE    Mar 01 14:24:06 [1862]: Unauthorized connection from "localhost" [::1].
INFO      Mar 01 14:24:06 [1862]: no entity
CONNECT   Mar 01 14:24:07 [1864]: Connect (file descriptor 7): localhost [::1]
NOTICE    Mar 01 14:24:07 [1864]: Unauthorized connection from "localhost" [::1].
INFO      Mar 01 14:24:07 [1864]: no entity

I'm following this guide https://github.com/GoogleCloudPlatform/gke-private-cluster-demo and I don't know where the issue is. Thank you in advance.

1 Answer

2

The issue was simpler than I thought, but this is really ambiguous. localhost is not translated to 127.0.0.1 to match the default rule in tinyproxy. I allowed localhost explicitly in /etc/tinyproxy.conf by adding the line Allow localhost in the access control section. I restarted tinyproxy and now it is working.
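
Added example, not part of the original answer and not tinyproxy's own code: the log in the question records the client as [::1], the IPv6 loopback address, which a numeric rule for 127.0.0.1 does not cover. This Python check reads "Unauthorized connection" entries and reports whether any numeric Allow rule in a config covers each denied address; the config text is constructed and assumes the default rule the answer mentions is Allow 127.0.0.1.

```python
import ipaddress
import re

# Log lines copied from the question; the config text below is constructed
# (assumption: the default rule is a single numeric "Allow 127.0.0.1").
SAMPLE_LOG = '''\
CONNECT   Mar 01 14:24:03 [1869]: Connect (file descriptor 7): localhost [::1]
NOTICE    Mar 01 14:24:03 [1869]: Unauthorized connection from "localhost" [::1].
INFO      Mar 01 14:24:03 [1869]: no entity
'''
SAMPLE_CONF = '''\
Port 8888
Allow 127.0.0.1
'''

DENIED = re.compile(r'Unauthorized connection from "([^"]*)" \[([^\]]+)\]')
ALLOW = re.compile(r'^\s*Allow\s+(\S+)', re.IGNORECASE | re.MULTILINE)


def numeric_allow_rules(conf_text):
    """Return Allow entries that parse as an IP address or CIDR network."""
    nets = []
    for value in ALLOW.findall(conf_text):
        try:
            nets.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            pass  # hostname-style rule such as "Allow localhost"; not evaluated here
    return nets


def explain_denials(log_text, conf_text):
    """For each distinct denied client, say whether a numeric Allow rule covers it."""
    nets = numeric_allow_rules(conf_text)
    findings = {}
    for host, addr in DENIED.findall(log_text):
        ip = ipaddress.ip_address(addr)
        covered = any(ip.version == n.version and ip in n for n in nets)
        findings[addr] = {
            "hostname": host,
            "loopback": ip.is_loopback,
            "covered_by_numeric_allow": covered,
        }
    return findings


if __name__ == "__main__":
    for addr, info in explain_denials(SAMPLE_LOG, SAMPLE_CONF).items():
        print(addr, info)
```

A denied address that is loopback but not covered points at an address-family mismatch in the access control section rather than at a remote client being rejected.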