Two Problems with proxy_pass to upstream
Sean Fulton
sean at gcnpublishing.com
Tue Oct 28 01:50:38 MSK 2008
I am trying to proxy traffic to a pair of apache web servers using nginx
with proxy_pass and upstream. All works well for port 80, even given
that the apache server is using NameVirtualHost and has a half-dozen
sites on it. All fine.
The problems I have are for traffic going to port 443 (SSL) and 9090
(this is a java app).
SSL traffic results in the following error:
Secure Connection Failed
An error occurred during a connection to www.gcnpublishing.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The page you are trying to view can not be shown because the
authenticity of the received data could not be verified.
* Please contact the web site owners to inform them of this problem.
Traffic to: http://www.gcnpublishing.com:9090/ results in:
The requested URL /login.jsp was not found on this server.
Apache/2.0.52 (CentOS) Server at www.gcnpublishing.com Port 80
And the URL is rewritten as:
http://www.gcnpublishing.com/login.jsp?url=%2Findex.jsp
Which is getting mangled. However if I enter:
http://www.gcnpublishing.com:9090/login.jsp?url=%2Findex.jsp
It seems to work. Somehow it's getting re-written in correctly.
Here are my configs:
upstream gcn-chat {
server 74.201.38.2:9090 ;
server 74.201.39.2:9090 backup ;
}
server {
listen 74.201.40.2:9090 ;
server_name gcn-chat.gcnpublishing.com ;
location / {
proxy_pass http://gcn-chat ;
proxy_redirect off;
proxy_set_header Host $host ;
proxy_set_header X-Real-IP $remote_addr ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
}
# Load a bunch of stuff for proxying
# include /etc/nginx/proxy.conf ;
}
upstream gcn-ssl {
server 74.201.38.2:443 ;
server 74.201.39.2:443 backup ;
}
server {
listen 74.201.40.2:443 ;
server_name www.gcnpublishing.com ;
ssl on ;
location / {
proxy_set_header X-FORWARDED_PROTO https;
proxy_pass https://gcn-ssl ;
include /etc/nginx/proxy.conf ;
}
} # server
upstream 74.201.40.2 {
server 74.201.38.2 ;
server 74.201.39.2 backup ;
}
server {
listen 74.201.40.2:80;
server_name www.gcnpublishing.com ;
access_log logs/74.201.40.2-access_log ;
location / {
proxy_pass http://74.201.40.2$request_uri ;
# proxy_pass http://$proxy_host:$proxy_port/ ;
}
# Load a bunch of stuff for proxying
include /etc/nginx/proxy.conf ;
}
And /etc/nginx/proxy.conf
# proxy.conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
Any suggestions or advice would be greatly appreciated.
sean
--
Sean Fulton
GCN Publishing, Inc.
Internet Design, Development and Consulting For Today's Media Companies
http://www.gcnpublishing.com
(203) 665-6211, x203
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the nginx
mailing list