<html><head></head><body style="zoom: 0%;"><div dir="auto">Bad Gateway indicates the backend you are sending to is not valid in some way - check the nginx error.log output to see what happened when trying to send it to your proxypass'd backend<br><br></div>
<div dir="auto"><!-- tmjah_g_1299s -->Get <!-- tmjah_g_1299e --><a href="http://www.bluemail.me/r?b=15997"><!-- tmjah_g_1299s -->BlueMail for Android<!-- tmjah_g_1299e --></a><!-- tmjah_g_1299s --> <!-- tmjah_g_1299e --></div>
<div style="font-size:10.0pt;font-family:"Tahoma","sans-serif";padding:3.0pt 0in 0in 0in">
<hr style="border:none;border-top:solid #E1E1E1 1.0pt">
<b>From:</b> ravansh <nginx-forum@forum.nginx.org><br>
<b>Sent:</b> Sun Sep 06 10:15:28 EDT 2020<br>
<b>To:</b> nginx@nginx.org<br>
<b>Subject:</b> Unable to proxy pass to https backend on nginx<br>
</nginx-forum@forum.nginx.org></div>
<br>
<pre class="blue">I am unable to reverse proxy to my https backend. what am i doing wrong? I<br>am using the same set of cert for the backend and frontend as I am running<br>them both on the same machine. I got my certificates from zerossl. Here is<br>the error I get :<br><br>curl --cacert /etc/ssl/certs/ca_bundle.crt <a href="https://www.ravi.guru">https://www.ravi.guru</a><br><br> <html><br> <head><title>502 Bad Gateway</title></head><br> <body><br> <center><h1>502 Bad Gateway</h1></center><br> <hr><center>nginx/1.16.1</center><br> </body><br> </html><br>In my /var/log/nginx/error.log I get this:<br><br>2020/09/06 01:50:53 [error] 2603#0: *4 upstream SSL certificate verify<br>error: (2:unable to get > issuer certificate) while SSL handshaking to<br>upstream, client: <a href="http://192.168.103.15">192.168.103.15</a>, server: <a href="http://www.ravi.guru">www.ravi.guru</a>, request: "GET /<br>HTTP/1.1", upstream: "<a href="https://192.168.103.15:8080">https://192.168.103.15:8080</a>/", host: "<a href="http://www.ravi.guru">www.ravi.guru</a>"<br><br>When I connect to backend directly, all goes well:<br><br>curl --cacert /etc/ssl/certs/ca_bundle.crt <a href="https://www.ravi.guru:8080">https://www.ravi.guru:8080</a><br><br>hi<br><br><br>my index.html is a file with an entry "hi"<br><br>===============<br>Here is my config file<br>===============<br><br><br> server {<br> listen 443 http2 ssl;<br> server_name <a href="http://www.ravi.guru">www.ravi.guru</a>;<br> ssl_certificate /etc/ssl/certs/certificate.crt;<br> ssl_certificate_key /etc/ssl/private/private.key;<br> ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;<br> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br> ssl_ciphers HIGH:!aNULL:!MD5;<br><br><br> location / {<br> proxy_pass <a href="https://www.ravi.guru:8080">https://www.ravi.guru:8080</a>;<br> proxy_ssl_certificate /etc/ssl/certs/certificate.crt;<br> proxy_ssl_certificate_key /etc/ssl/private/private.key;<br> proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br> proxy_ssl_ciphers HIGH:!aNULL:!MD5;<br> proxy_ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;<br> proxy_ssl_verify on;<br> proxy_ssl_verify_depth 2;<br> proxy_ssl_session_reuse on;<br> }<br>}<br>server {<br>listen 8080 http2 ssl;<br>#listen [::]:443 http2 ssl;<br><br>server_name <a href="http://www.ravi.guru">www.ravi.guru</a>;<br><br>ssl_certificate /etc/ssl/certs/certificate.crt;<br>ssl_certificate_key /etc/ssl/private/private.key;<br>ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;<br>ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br>ssl_ciphers HIGH:!aNULL:!MD5;<br>root /var/www/<a href="http://ravi.guru/html">ravi.guru/html</a>;<br><br>index index.html index.htm index.nginx-debian.html;<br>}<br><br>Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,289329,289329#msg-289329">https://forum.nginx.org/read.php?2,289329,289329#msg-289329</a><br><br><hr><br>nginx mailing list<br>nginx@nginx.org<br><a href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a><br><br></pre></body></html>