<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>Hello,</div>
<div> </div>
<div>it worked.</div>
<div> </div>
<div>I added ssl in the line</div>
<div> </div>
<div>
<p dir="ltr" id="docs-internal-guid-dfb538aa-7fff-dbd0-81b0-54a0301f62e7" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size:11pt;font-family:'Courier New';color:#000000;background-color:#ffffff;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;">server {</span></p>
<p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size:11pt;font-family:'Courier New';color:#000000;background-color:#ffffff;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;"> listen 192.168.178.105:4200 ssl;</span></p>
</div>
<div> </div>
<div>Thanks for your help.</div>
<div> </div>
<div>Are there any relations to the nginx forum (ttps://forum.nginx.org)?</div>
<div>I tried to create an account, but didn´t receive an email for email confirmation. And I didn´t find a contact adress.</div>
<div> </div>
<div>Greetings</div>
<div>Hans</div>
<div>
<div>
<div name="quote" style="margin:10px 5px 5px 10px; padding: 10px 0 10px 10px; border-left:2px solid #C3D9E5; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin:0 0 10px 0;"><b>Gesendet:</b> Freitag, 03. März 2023 um 21:45 Uhr<br/>
<b>Von:</b> "Maxim Dounin" <mdounin@mdounin.ru><br/>
<b>An:</b> nginx@nginx.org<br/>
<b>Betreff:</b> Re: Reverse Proxy 502 Bad Gateway</div>
<div name="quoted-content">Hello!<br/>
<br/>
On Fri, Mar 03, 2023 at 04:33:25PM +0100, Hans Müller wrote:<br/>
<br/>
> Hello,<br/>
> I am working in a proxmox environment, setting up a ngnix reverse proxy<br/>
> (192.168.178.103) forwarding requests via https to a nginx backend<br/>
> server (192.168.178.105). On the backend server shellinabox is<br/>
> installed. Request from the internet are secured via a Letsentcrypt<br/>
> certificate. For the encryption to the backend server I use a<br/>
> self-signed certificate.<br/>
> When I want to open the next-shell.example.com I get an 502 Bad Gateway<br/>
> error<br/>
> On the reverse proxy are the following configs<br/>
> HttpGateway<br/>
<br/>
[...]<br/>
<br/>
> location / {<br/>
> proxy_set_header Host $host;<br/>
> proxy_set_header X-Real-IP $remote_addr;<br/>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br/>
> proxy_ssl_certificate /etc/selfcerts/stern-example-cert-chain.pem;<br/>
> proxy_ssl_certificate_key /etc/selfcerts/stern-example-key.pem;<br/>
> proxy_ssl_verify off;<br/>
> proxy_pass [1]<a href="https://192.168.178.105:4200" target="_blank">https://192.168.178.105:4200</a>;<br/>
<br/>
Note you are proxying using the "https" protocol.<br/>
<br/>
[...]<br/>
<br/>
> On the backend server there is the following config<br/>
> next-shell.example.com<br/>
> server {<br/>
> listen 192.168.178.105:4200;<br/>
> server_name next-shell.example.com;<br/>
<br/>
But the backend is not configured to use SSL on the socket (or at<br/>
least this is not something visible from the configuration<br/>
provided). Note no "ssl" parameter on the listen directive.<br/>
<br/>
[...]<br/>
<br/>
> When I try to open the page there is this error in the nginx error log<br/>
> {{{<br/>
> [error] 1103#1103: *1 SSL_do_handshake() failed (SSL:<br/>
> error:0A00010B:SSL routines::wrong version<br/>
> number) while SSL handshaking to upstream, client: 95.116.52.151,<br/>
> server: next-shell.example.com, request: "GET /f<br/>
> avicon.ico HTTP/2.0", upstream:<br/>
> "[3]<a href="https://192.168.178.105:4200/favicon.ico" target="_blank">https://192.168.178.105:4200/favicon.ico</a>", host:<br/>
> "next-shell.example.com"<br/>
> }}}<br/>
><br/>
> Any idea, what I can do here?<br/>
<br/>
The error is somewhat expected: you are trying to connect to<br/>
non-SSL port using SSL, and this is expected to fail.<br/>
<br/>
You should either configure SSL on the backend, or change proxying<br/>
to use the "http" protocol instead.<br/>
<br/>
--<br/>
Maxim Dounin<br/>
<a href="http://mdounin.ru/" target="_blank">http://mdounin.ru/</a><br/>
_______________________________________________<br/>
nginx mailing list<br/>
nginx@nginx.org<br/>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a></div>
</div>
</div>
</div></div></body></html>