SSL proxy corruption

Nicholas Riley njriley at
Sat Mar 24 04:17:49 MSK 2007


I am attempting to set up nginx for load balancing.  HTTP works fine,
but I'm intermittently getting corrupted output back from HTTPS.  The
responses contain garbage after the actual end of the document.  There
appears to be some randomness/timing to this; the amount of garbage as
well as its contents varies.  In addition to Web browsers I can
replicate this with "openssl s_client" using a single HTTP 1.0
request, no keep-alive or anything.

The load balancing machine is running nginx 0.5.14 on OpenBSD.  The
balanced servers are Apache 2.2.3 and 2.0.54 on Linux.

Here is a minimal nginx.conf which demonstrates the problem:

worker_processes 1;
error_log  /var/log/nginx-error.log;

events {
  worker_connections 1024;

http {
  upstream acm-ssl {
  server {
      listen                    443;
      server_name     ;
      ssl                       on;
      ssl_certificate           /etc/nginx/;
      ssl_certificate_key       /etc/nginx/;
      keepalive_timeout         70;

      location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass              https://acm-ssl;

(And yes, I realize encrypting twice is wasteful; unfortunately we
don't yet have the ability to secure the network connection so we need
to do it this way.)

Nicholas Riley <njriley at> | <>

More information about the nginx mailing list