<div dir="ltr"><div>Since your backend is already doing ssl, you should remove ssl from the listen, so that nginx will just do a simple TCP pass through:</div><div><br></div><div>Change</div><div>listen 443 ssl;</div><div>to</div><div>listen 443;</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 4, 2018 at 12:31 AM, shivramg94 <span dir="ltr"><<a href="mailto:nginx-forum@forum.nginx.org" target="_blank">nginx-forum@forum.nginx.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
We are trying to configure TCP load balancing with TLS termination. But when<br>
we try to access the URL, we could see the below error in the nginx error<br>
and access logs<br>
<br>
Nginx Error Log:<br>
<br>
2018/07/04 07:16:45 [crit] 7944#0: *61 SSL_do_handshake() failed (SSL:<br>
error:1407609B:SSL routines:SSL23_GET_CLIENT_<wbr>HELLO:https proxy request)<br>
while SSL handshaking, client: XX.XXX.XX.XX, server: <a href="http://0.0.0.0:443" rel="noreferrer" target="_blank">0.0.0.0:443</a><br>
<br>
Nginx Access Log:<br>
<br>
10.90.241.125 - - [04/Jul/2018:07:24:55 +0000] TCP 500 0 0 0.000 "-"<br>
<br>
The nginx.conf file looks like this<br>
<br>
stream {<br>
log_format sample '$remote_addr - - [$time_local] $protocol $status<br>
$bytes_sent $bytes_received $session_time "$upstream_addr"';<br>
upstream backends {<br>
server <a href="http://sample-domain-name.com:443" rel="noreferrer" target="_blank">sample-domain-name.com:443</a>;<br>
}<br>
server {<br>
listen 443 ssl;<br>
access_log /etc/access_logs/tcp_access_<wbr>log sample;<br>
ssl_certificate Certificate_PATH;<br>
ssl_certificate_key Private_Key_Path;<br>
proxy_ssl off;<br>
proxy_pass backends;<br>
}<br>
}<br>
<br>
Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,280396,280396#msg-280396" rel="noreferrer" target="_blank">https://forum.nginx.org/read.<wbr>php?2,280396,280396#msg-280396</a><br>
<br>
______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
</blockquote></div><br></div>