<div dir="ltr">Ok. I was able to get it working by changing this:<div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">proxy_pass </span><a href="http://ssl_test-resolve.cspire.net/" target="_blank" style="font-size:12.8px">http://ssl_myapplicationsite.net</a><span style="font-size:12.8px">;</span><br></div><div> </div><div>to this:</div><div><br></div><div><span style="font-size:12.8px">proxy_pass </span><a href="http://ssl_test-resolve.cspire.net/" target="_blank" style="font-size:12.8px"><b>https</b>://ssl_myapplicationsite.net</a><span style="font-size:12.8px">;</span><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 27, 2016 at 12:07 PM, Brian Pugh <span dir="ltr"><<a href="mailto:project722@gmail.com" target="_blank">project722@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Still not working. <div><br></div><div>Logs show:</div><div><br></div><div><div>2016/07/27 11:59:35 [warn] 28038#28038: *3 upstream server temporarily disabled while reading response header from upstream, client: 192.168.254.202, server: <a href="http://myapplicationsite.net" target="_blank">myapplicationsite.net</a>, request: "GET / HTTP/1.1", upstream: <b>"<a href="http://192.168.155.120:443/" target="_blank">http://192.168.155.120:443/</a>"</b>, host: "<a href="http://myapplicationsite.net" target="_blank">myapplicationsite.net</a>"</div></div><div><br></div><div>Why does it show http:// with :443 here? </div><div><br></div><div>Here is my updated config:</div><div><br></div><div><div>http {</div><div> upstream <a href="http://mysiteapplication.net" target="_blank">mysiteapplication.net</a> {</div><span class=""><div> # Use ip hash for session persistance</div><div> ip_hash;</div></span><div> server backendappsite1:80;</div><div> server backendsiteapp2:80;</div><div> server backendsiteapp3:80;</div><span class=""><div><br></div><div> # The below only works on nginx plus</div><div> #sticky route $route_cookie $route_uri;</div><div>}</div></span><div> upstream <a href="http://ssl_mysiteapplication.net.net" target="_blank">ssl_mysiteapplication.net.net</a> {</div><span class=""><div> # Use ip hash for session persistance</div><div> ip_hash;</div></span><div> server backendappsite1:443;</div><div> server backendappsite2:443;</div><div> server backendappsite3:443;</div><span class=""><div><br></div><div> # The below only works on nginx plus</div><div> #sticky route $route_cookie $route_uri;</div><div>}</div></span></div><div><br></div><div>Crasyangel - I am not sure where I am supposed to put this:</div><span class=""><div><br></div><div><span style="font-size:12.8px">u.default_port = 80; in ngx_http_upstream_server</span><br></div><div><span style="font-size:12.8px"><br></span></div></span><div><span style="font-size:12.8px">I tried it inside my http upstream block and got a message about</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">unknown directive "u.default_port"</span><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Here is my updated default.conf:</span></div><div><span style="font-size:12.8px"><br></span></div><div><span class=""><div><span style="font-size:12.8px">server {</span></div><div><span style="font-size:12.8px"> listen 443 ssl;</span></div><div><span style="font-size:12.8px"> server_name <a href="http://myapplicationsite.net" target="_blank">myapplicationsite.net</a>;</span></div><div><span style="font-size:12.8px"> keepalive_timeout 70;</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"> ssl_certificate /appssl/fd.crt;</span></div><div><span style="font-size:12.8px"> ssl_certificate_key /appssl/lb.key;</span></div><div><span style="font-size:12.8px"> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</span></div><div><span style="font-size:12.8px"> ssl_ciphers HIGH:!aNULL:!MD5;</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"> location / {</span></div></span><div><span style="font-size:12.8px"> proxy_pass <a href="http://ssl_test-resolve.cspire.net" target="_blank">http://ssl_test-resolve.cspire.net</a>;</span></div><div><span style="font-size:12.8px"> proxy_set_header HOST <a href="http://test-resolve.cspire.net" target="_blank">test-resolve.cspire.net</a>;</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"> }</span></div><div><span style="font-size:12.8px"> }</span></div><div style="font-size:12.8px"><br></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 27, 2016 at 11:18 AM, Reinis Rozitis <span dir="ltr"><<a href="mailto:r@roze.lv" target="_blank">r@roze.lv</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
: "<a href="http://myapplicationsite.net" rel="noreferrer" target="_blank">myapplicationsite.net</a>"<br>
2016/07/27 10:54:05 [warn] 27491#27491: *3 upstream server temporarily disabled while connecting to upstream, client: 192.168.254.202, server:<br>
<a href="http://myapplicationsite.net" rel="noreferrer" target="_blank">myapplicationsite.net</a>, request: "GET / HTTP/1.1", upstream: "<a href="http://192.168.155.120:80/" rel="noreferrer" target="_blank">http://192.168.155.120:80/</a>", host: "<a href="http://myapplicationsite.net" rel="noreferrer" target="_blank">myapplicationsite.net</a>"<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Why is it trying to connect to my servers over port 80? I need to pass it over on 443. How can I accomplish this? Even if I change the proxy pass to https in the logs it still trys<br>
</blockquote>
<br></span>
As you don't specify the port in upstream {} block nginx uses the default which is 80 ( <a href="http://nginx.org/en/docs/http/ngx_http_upstream_module.html#server" rel="noreferrer" target="_blank">http://nginx.org/en/docs/http/ngx_http_upstream_module.html#server</a> )<br>
<br>
Also for secure backend connection you should enable proxy_ssl.<br>
<br>
Reading <a href="https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-upstreams/" rel="noreferrer" target="_blank">https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-upstreams/</a> should probably be a good start.<span><font color="#888888"><br>
<br>
<br>
rr</font></span><div><div><br>
<br>
<br>
<br>
<br>
On Wed, Jul 27, 2016 at 10:42 AM, Reinis Rozitis <<a href="mailto:r@roze.lv" target="_blank">r@roze.lv</a>> wrote:<br>
Can anyone give me an example config of what it would look like in both nginx.conf and default.conf using the names/info I have provided?<br>
<br>
It seems you have taken the default configuration example but if you use nginx as a balancer without serving any .php (or other) files you actually don't need those *.php etc locations - a single location / {} will do the job (means all requests go to backends).<br>
<br>
For example:<br>
<br>
<br>
http {<br>
upstream <a href="http://myappliationsite.net" rel="noreferrer" target="_blank">myappliationsite.net</a> {<br>
ip_hash;<br>
server <a href="http://backendappsite1.net" rel="noreferrer" target="_blank">backendappsite1.net</a>;<br>
server <a href="http://backendappsite2.net" rel="noreferrer" target="_blank">backendappsite2.net</a>;<br>
server <a href="http://backendappsite3.net" rel="noreferrer" target="_blank">backendappsite3.net</a>;<br>
}<br>
<br>
server {<br>
listen 80;<br>
listen 443 ssl;<br>
<br>
server_name <a href="http://myappliationsite.net" rel="noreferrer" target="_blank">myappliationsite.net</a>;<br>
<br>
location / {<br>
proxy_pass <a href="http://myappliationsite.net" rel="noreferrer" target="_blank">http://myappliationsite.net</a>;<br>
proxy_set_header HOST <a href="http://myappliationsite.net" rel="noreferrer" target="_blank">myappliationsite.net</a>;<br>
}<br>
}<br>
<br>
<br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a> <br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>