how to allow apache to control SSL traffic ?

Joydeep Bakshi joydeep.bakshi at
Mon Apr 21 09:30:22 UTC 2014

Hello Jonathan,

thanks for your response. Here is the details what I have done so far.

SSL configuration for nginx is as below

server {

 listen 443 ssl;
 server_name <>;
 gzip on; # Turn on gZip
 gzip_disable msie6;
 gzip_static on;
 gzip_comp_level 9;
 gzip_proxied any;
 gzip_types text/plain text/css application/x-javascript text/xml
application/xml application/xml+rss text/javascript;

ssl_certificate  /etc/apache2/myca/server.crt;
ssl_certificate_key /etc/apache2/myca/ssl.key;

ssl_protocols  SSLv2 SSLv3 TLSv1;
ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;

 location / {
  proxy_redirect off; # Do not redirect this proxy - It needs to be
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Server-Address $server_addr;
  proxy_pass_header Set-Cookie;


accordingly apache has

Listen 4443
#  General setup for the virtual host

DocumentRoot /srv/www/htdocs/xxx

SSLEngine on
#Here, I am allowing only "high" and "medium" security key lengths.
#Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.
SSLProtocol all -SSLv2
#Server Certificate:
SSLCertificateFile /etc/apache2/myca/server.crt
#Server Private Key:
SSLCertificateKeyFile /etc/apache2/myca/ssl.key
# Server Certificate Chain
SSLCertificateChainFile /etc/apache2/myca/ssl.crt


DirectoryIndex index.php

<Directory "/srv/www/htdocs/xxxi/">
Options Indexes FollowSymLinks MultiViews
AllowOverride ALL
Options None
Order allow,deny
Allow from all

but when try to access SSL , nginx error.log shows

*453 SSL_do_handshake() failed (SSL: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to

Hope the info help


On Mon, Apr 21, 2014 at 2:18 PM, Jonathan Matthews
<contact at>wrote:

> On 21 Apr 2014 07:01, "Joydeep Bakshi" <joydeep.bakshi at>
> wrote:
> >
> > Hello list,
> >
> > My apache vhosts are configured to take care of SSL connections. I have
> installed  nginix as http accelerator. How can I instruct nginx to pass all
> SSL request to apache SSL vhost ?
> Most simply, try stopping nginx listening on port 443 and make apache
> listen on 443.
> If you want more advanced suggestions than that, you'll probably have to
> explain what you're trying to do in more detail.
> J
> _______________________________________________
> nginx mailing list
> nginx at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list