Some problem with SSL on 0.6.31, same config works on 0.5.35

Paul paul at gtcomm.net
Wed Jun 18 19:13:39 MSD 2008


SSL times out or gives blank page..
What has changed from 0.5.35 to 0.6.31 for ssl support?

Log file shows:
2008/06/18 09:24:04 [error] 21382#0: *33 upstream timed out (110: 
Connection timed out) while reading upstream, client: x.x.x.x, server: 
blah.com, request: "GET /favicon.ico HTTP/1.1", upstream: 
"https://2.2.2.2:443/favicon.ico", host: "1.1.1.1"

It shows this on every SSL request to the backend.  

Configuration ::

user  www www;

worker_processes 16;
error_log  logs/error.log;
worker_rlimit_nofile 65000;

events
{

        worker_connections 40000;
}

http
{
        access_log off;
        sendfile       on;
        tcp_nopush     on;
        tcp_nodelay    on;
        keepalive_timeout  60;
        output_buffers 8 256k;
        server_tokens off;
        ssl_verify_client off;
        ssl_session_timeout  5m;

#       cache_max_size 24;

        gzip on;
#       gzip_min_length 1100;
        gzip_buffers 4 8k;
#       gzip_types text/plain text/html text/xhtml text/css text/js;

        proxy_buffering on;
        proxy_buffer_size 1024k;
        proxy_buffers 16 512k;
        proxy_busy_buffers_size 4096k;
        proxy_temp_file_write_size 1024k;
        proxy_intercept_errors on;
        client_body_buffer_size 2048k;

        server
        {
                listen 1.1.1.1:443;
                ssl on;
                ssl_certificate         /usr/local/nginx/conf/1234.crt;
                ssl_certificate_key     /usr/local/nginx/conf/1234.key;
                location /
                {
                        proxy_pass https://2.2.2.2;
                        proxy_redirect https://2.2.2.2/    
http://$http_host/;
                        proxy_redirect default;
                        proxy_set_header        Host            
$host;         
                        proxy_set_header        X-Real-IP       
$remote_addr;  
                        proxy_set_header        X-Forwarded-For 
$remote_addr;  
                        proxy_set_header X-FORWARDED_PROTO https;
                }
        }

}






More information about the nginx mailing list