Hi List<br><br>I inherited the following setup:<br><br>nginx reverse caching proxy load balancing to two real servers. I am trying to get SSL working.<br><br>Here is my config:<br><br>++++++++++++++++++++++++++++++++++++++++++++<br>
upstream ssl-apache_cluster {<br> server <a href="http://10.0.0.3:443">10.0.0.3:443</a>;<br> server <a href="http://10.0.0.6:443">10.0.0.6:443</a>;<br> fair;<br>}<br><br>server {<br> listen <a href="http://196.37.50.51:443">196.37.50.51:443</a>;<br>
client_max_body_size 5M;<br> client_body_buffer_size 128k;<br> server_name######################;<br> access_log /var/log/nginx/##########.access.log;<br><br> ssl on;<br> ssl_certificate /etc/nginx/ssl/#########.crt;<br>
ssl_certificate_key /etc/nginx/ssl/domain.key;<br> ssl_session_cache shared:SSL:10m;<br><br><br> location / {<br> access_log off;<br> proxy_set_header X-Forwarded-Host $host;<br>
proxy_set_header X-Forwarded-Server $host;<br> proxy_set_header Host $host;<br> proxy_set_header X-Real-IP $remote_addr;<br> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
proxy_pass <a href="https://ssl-apache_cluster">https://ssl-apache_cluster</a>;<br> }<br>location ~* \.(jpg|jpeg|peg|PEG|gif|png|bmp|flv|pdf|ps|doc|mp3|wmv|wma|wav|swf|JPG|BMP|GIF|PNG|JPEG|ogg|mpg|mpeg|mpg4|zip|bz2|rar|xls|docx|avi|djvu|mp4|rtf|ico)$ {<br>
root /var/www/jmredev;<br> expires 60;<br> slowfs_cache fastcache;<br> slowfs_cache_key $uri;<br> slowfs_cache_valid 7d;<br> access_log off;<br>
}<br><br> location ~* \.(css|js)$ {<br> root /var/www/jmredev;<br> expires 60;<br> slowfs_cache fastcache;<br> slowfs_cache_key $uri;<br>
slowfs_cache_valid 5m;<br> access_log off;<br> }<br><br><br>location ~* \.(mjs|mcss)$ {<br> set $domain www.j########; # Change this to your site's domain name<br>
set $root_fcgi /var/www/fastcache/; # Change this to the public root folder of your site<br> set $root_cache /var/cache/nginx/minified; # Change this to a folder in which to cache the minified files<br> set $min_dir /usr/local/nginx/minify/min; # Change this folder to wherever you put the Minify files<br>
<br> include fastcgi_params;<br> fastcgi_param SITE_ROOT $root_fcgi;<br> fastcgi_param SCRIPT_FILENAME $min_dir/minifier.php;<br> fastcgi_param PATH_INFO minifier.php;<br> fastcgi_param SERVER_NAME $domain;<br> fastcgi_param CACHE_DIR $root_cache;<br>
<br> root $root_cache;<br><br> expires max;<br><br> gzip_static on; # You will need to have installed Nginx using the --with-http_gzip_static_module flag for this to work<br> gzip_http_version 1.1;<br> gzip_proxied expired no-cache no-store private auth;<br>
gzip_disable "MSIE [1-6]\.";<br> gzip_vary on;<br><br># If there is not already a cached copy, create one<br> if (!-f $request_filename) {<br> root $root_fcgi;<br> fastcgi_pass <a href="http://127.0.0.1:9000">127.0.0.1:9000</a>;<br>
}<br>}<br><br><br> location ^~ /blog/sites/default/files/ {<br> proxy_redirect off;<br><br> access_log off;<br> proxy_set_header X-Forwarded-Host $host;<br> proxy_set_header X-Forwarded-Server $host;<br>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br> proxy_set_header Host $host;<br> proxy_set_header X-Real-IP $remote_addr;<br> proxy_pass <a href="https://ssl-apache_cluster">https://ssl-apache_cluster</a>;<br>
}<br><br><br>}<br><br><br>===========================================================================<br><br>When I try and start NGINX I get the following error:<br><br>reloading nginx configuration: nginx: [emerg] unknown directive "ssl" in /etc/nginx/sites-enabled/j#########l_ssl:21<br>
<br>And this error in the browser:<br><br>SSL received a record that exceeded the maximum permissible length.<br><br>(Error code: ssl_error_rx_record_too_long)<br><br><br>I am running Ubuntu server 10.04.2 LTS and NGINX 10.0.3<br>
<br><br>Many thanks<br><br>Lawrence<br><br><br><br><br><br>