<div dir="ltr">Hello <span style="font-family:arial,sans-serif;font-size:13.333333969116211px;font-weight:bold;white-space:nowrap">Jonathan,</span><div><span style="font-family:arial,sans-serif;font-size:13.333333969116211px;font-weight:bold;white-space:nowrap"><br>
</span></div><div>thanks for your response. Here is the details what I have done so far.</div><div><br></div><div>SSL configuration for nginx is as below</div><div><br></div><div><div>server {</div><div><br></div>
<div> listen 443 ssl;</div><div> server_name <a href="http://example2.com" target="_blank">example.com</a>;</div><div> gzip on; # Turn on gZip</div><div> gzip_disable msie6;</div><div> gzip_static on;</div><div> gzip_comp_level 9;</div>
<div> gzip_proxied any;</div>
<div> gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;</div><div><br></div><div>ssl_certificate /etc/apache2/myca/server.crt;</div><div>ssl_certificate_key /etc/apache2/myca/ssl.key;</div>
<div><br></div><div>ssl_protocols SSLv2 SSLv3 TLSv1;</div><div>ssl_ciphers HIGH:!aNULL:!MD5;</div><div>ssl_prefer_server_ciphers on;</div><div><br></div><div><br></div><div> location / {</div><div> proxy_redirect off; # Do not redirect this proxy - It needs to be pass-through</div>
<div> proxy_set_header Host $host;</div><div> proxy_set_header X-Real-IP $remote_addr;</div><div> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div><div> proxy_set_header X-Server-Address $server_addr;</div>
<div> proxy_pass_header Set-Cookie;</div><div> proxy_pass <a href="https://127.0.0.1:4443" target="_blank">https://127.0.0.1:4443</a>;</div>
<div><br></div><div> }</div><div>}</div></div><div><br></div><div>accordingly apache has </div><div><br></div><div><div>Listen 4443</div><div><VirtualHost <a href="http://example.com:4443">example.com:4443</a>></div>
<div># General setup for the virtual host</div><div><br></div><div>DocumentRoot /srv/www/htdocs/xxx</div><div><br></div><div>SSLEngine on</div><div>#Here, I am allowing only "high" and "medium" security key lengths.</div>
<div>SSLCipherSuite HIGH:MEDIUM</div><div>#Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.</div><div>SSLProtocol all -SSLv2</div><div>#Server Certificate:</div><div>SSLCertificateFile /etc/apache2/myca/server.crt</div>
<div>#Server Private Key:</div><div>SSLCertificateKeyFile /etc/apache2/myca/ssl.key</div><div># Server Certificate Chain</div><div>SSLCertificateChainFile /etc/apache2/myca/ssl.crt</div><div><br></div><div>SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW</div>
<div><br></div><div>DirectoryIndex index.php</div><div><br></div><div><Directory "/srv/www/htdocs/xxxi/"></div><div>Options Indexes FollowSymLinks MultiViews</div><div>AllowOverride ALL</div><div>Options None</div>
<div>Order allow,deny</div><div>Allow from all</div><div></Directory></div><div></VirtualHost></div></div><div><br></div><div><br></div><div>but when try to access SSL , nginx error.log shows</div><div><br></div>
<div><span style="font-family:arial,sans-serif;font-size:13.333333969116211px">*453 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_</span><span style="font-family:arial,sans-serif;font-size:13.333333969116211px">HELLO:unknown protocol) while SSL handshaking to upstream</span><br>
</div><div><span style="font-family:arial,sans-serif;font-size:13.333333969116211px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13.333333969116211px">Hope the info help</span></div><div><span style="font-family:arial,sans-serif;font-size:13.333333969116211px"><br>
</span></div><div><span style="font-family:arial,sans-serif;font-size:13.333333969116211px">Thanks</span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Apr 21, 2014 at 2:18 PM, Jonathan Matthews <span dir="ltr"><<a href="mailto:contact@jpluscplusm.com" target="_blank">contact@jpluscplusm.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><p dir="ltr">On 21 Apr 2014 07:01, "Joydeep Bakshi" <<a href="mailto:joydeep.bakshi@netzrezepte.de" target="_blank">joydeep.bakshi@netzrezepte.de</a>> wrote:<br>
><br>
> Hello list,<br>
><br>
> My apache vhosts are configured to take care of SSL connections. I have installed nginix as http accelerator. How can I instruct nginx to pass all SSL request to apache SSL vhost ?</p>
</div><p dir="ltr">Most simply, try stopping nginx listening on port 443 and make apache listen on 443.</p>
<p dir="ltr">If you want more advanced suggestions than that, you'll probably have to explain what you're trying to do in more detail.</p><span class="HOEnZb"><font color="#888888">
<p dir="ltr">J</p>
</font></span><br>_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br></blockquote></div><br></div>