ssl problems
Jim Ohlstein
jim at ohlste.in
Sun Mar 11 12:42:45 UTC 2012
On 3/11/12 8:38 AM, Lawrence Strydom wrote:
> Hi List
>
> I inherited the following setup:
>
> nginx reverse caching proxy load balancing to two real servers. I am
> trying to get SSL working.
>
> Here is my config:
>
> ++++++++++++++++++++++++++++++++++++++++++++
> upstream ssl-apache_cluster {
> server 10.0.0.3:443 <http://10.0.0.3:443>;
> server 10.0.0.6:443 <http://10.0.0.6:443>;
> fair;
> }
>
> server {
> listen 196.37.50.51:443 <http://196.37.50.51:443>;
> client_max_body_size 5M;
> client_body_buffer_size 128k;
> server_name######################;
> access_log /var/log/nginx/##########.access.log;
>
> ssl on;
> ssl_certificate /etc/nginx/ssl/#########.crt;
> ssl_certificate_key /etc/nginx/ssl/domain.key;
> ssl_session_cache shared:SSL:10m;
>
>
> location / {
> access_log off;
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_pass https://ssl-apache_cluster;
> }
> location ~*
> \.(jpg|jpeg|peg|PEG|gif|png|bmp|flv|pdf|ps|doc|mp3|wmv|wma|wav|swf|JPG|BMP|GIF|PNG|JPEG|ogg|mpg|mpeg|mpg4|zip|bz2|rar|xls|docx|avi|djvu|mp4|rtf|ico)$
> {
> root /var/www/jmredev;
> expires 60;
> slowfs_cache fastcache;
> slowfs_cache_key $uri;
> slowfs_cache_valid 7d;
> access_log off;
> }
>
> location ~* \.(css|js)$ {
> root /var/www/jmredev;
> expires 60;
> slowfs_cache fastcache;
> slowfs_cache_key $uri;
> slowfs_cache_valid 5m;
> access_log off;
> }
>
>
> location ~* \.(mjs|mcss)$ {
> set $domain www.j########; # Change this to your site's
> domain name
> set $root_fcgi /var/www/fastcache/; # Change this to the public
> root folder of your site
> set $root_cache /var/cache/nginx/minified; # Change this to a
> folder in which to cache the minified files
> set $min_dir /usr/local/nginx/minify/min; # Change this
> folder to wherever you put the Minify files
>
> include fastcgi_params;
> fastcgi_param SITE_ROOT $root_fcgi;
> fastcgi_param SCRIPT_FILENAME $min_dir/minifier.php;
> fastcgi_param PATH_INFO minifier.php;
> fastcgi_param SERVER_NAME $domain;
> fastcgi_param CACHE_DIR $root_cache;
>
> root $root_cache;
>
> expires max;
>
> gzip_static on; # You will need to have installed Nginx using the
> --with-http_gzip_static_module flag for this to work
> gzip_http_version 1.1;
> gzip_proxied expired no-cache no-store private auth;
> gzip_disable "MSIE [1-6]\.";
> gzip_vary on;
>
> # If there is not already a cached copy, create one
> if (!-f $request_filename) {
> root $root_fcgi;
> fastcgi_pass 127.0.0.1:9000 <http://127.0.0.1:9000>;
> }
> }
>
>
> location ^~ /blog/sites/default/files/ {
> proxy_redirect off;
>
> access_log off;
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_pass https://ssl-apache_cluster;
> }
>
>
> }
>
>
> ===========================================================================
>
> When I try and start NGINX I get the following error:
>
> reloading nginx configuration: nginx: [emerg] unknown directive "ssl" in
> /etc/nginx/sites-enabled/j#########l_ssl:21
>
Most likely nginx is built without ssl.
What's the output of nginx -V ?
> And this error in the browser:
>
> SSL received a record that exceeded the maximum permissible length.
>
> (Error code: ssl_error_rx_record_too_long)
>
>
> I am running Ubuntu server 10.04.2 LTS and NGINX 10.0.3
>
>
> Many thanks
>
> Lawrence
>
>
>
>
--
Jim Ohlstein
More information about the nginx
mailing list