SSL proxy corruption

Nicholas Riley njriley at uiuc.edu
Sat Mar 24 04:17:49 MSK 2007


Hi,

I am attempting to set up nginx for load balancing.  HTTP works fine,
but I'm intermittently getting corrupted output back from HTTPS.  The
responses contain garbage after the actual end of the document.  There
appears to be some randomness/timing to this; the amount of garbage as
well as its contents varies.  In addition to Web browsers I can
replicate this with "openssl s_client" using a single HTTP 1.0
request, no keep-alive or anything.

The load balancing machine is running nginx 0.5.14 on OpenBSD.  The
balanced servers are Apache 2.2.3 and 2.0.54 on Linux.

Here is a minimal nginx.conf which demonstrates the problem:

worker_processes 1;
error_log  /var/log/nginx-error.log;

events {
  worker_connections 1024;
}

http {
  upstream acm-ssl {
      server 172.22.32.80:443;
  }
  
  server {
      listen                    443;
      server_name               www-s.acm.uiuc.edu;
      ssl                       on;
      ssl_certificate           /etc/nginx/www-s.acm.uiuc.edu.crt;
      ssl_certificate_key       /etc/nginx/www-s.acm.uiuc.edu.key;
      keepalive_timeout         70;

      location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass              https://acm-ssl;
      }
  }
}

(And yes, I realize encrypting twice is wasteful; unfortunately we
don't yet have the ability to secure the network connection so we need
to do it this way.)

-- 
Nicholas Riley <njriley at uiuc.edu> | <http://www.uiuc.edu/ph/www/njriley>
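
Added example, not part of the original message: one way to confirm the symptom described above is to send a single HTTP/1.0 request over TLS, read until the peer closes, and compare the bytes received with the Content-Length header. The function names and the sample response are constructed for illustration; the host passed to fetch_raw is whatever front end is being tested.

```python
import socket
import ssl


def split_response(raw: bytes):
    """Split a raw HTTP response into (headers dict, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator found")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body


def trailing_garbage(raw: bytes):
    """Return bytes received past Content-Length, or None if it cannot be judged."""
    headers, body = split_response(raw)
    if "content-length" not in headers:
        return None  # body is delimited by close only: no declared end to compare
    declared = int(headers["content-length"])
    if len(body) < declared:
        raise ValueError(f"truncated body: {len(body)} of {declared} bytes")
    return body[declared:]


def fetch_raw(host: str, port: int = 443, path: str = "/") -> bytes:
    """Send one HTTP/1.0 request over TLS (no keep-alive) and read until close."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            chunks = []
            while True:
                data = tls.recv(65536)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)


# Constructed sample: a 13-byte document followed by 6 stray bytes.
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Length: 13\r\n\r\n"
          b"<html></html>" b"\x17\x03\x01\x00\x20\xaa")

if __name__ == "__main__":
    print(trailing_garbage(SAMPLE))
```

Running trailing_garbage(fetch_raw(host)) in a loop against the proxy and against the backend directly shows which hop adds the extra bytes and how often.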




