Two Problems with proxy_pass to upstream
Dave Cheney
dave at cheney.net
Tue Oct 28 10:52:33 MSK 2008
Hi Sean,
Firstly, let me commend you on giving a full config, without obfuscation.
This makes things a lot easier.
It looks like SSL isn't correctly setup on port 443
lucky:~ dcheney$ openssl s_client -connect www.gcnpublishing.com:443
CONNECTED(00000003)
23096:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:585:
lucky:~ dcheney$ telnet www.gcnpublishing.com 443
Trying 74.201.40.2...
Connected to www.gcnpublishing.com.
Escape character is '^]'.
hello
<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/0.6.32</center>
</body>
</html>
Connection closed by foreign host.
Cheers
Dave
n Mon, 27 Oct 2008 18:50:38 -0400, Sean Fulton <sean at gcnpublishing.com>
wrote:
> I am trying to proxy traffic to a pair of apache web servers using nginx
> with proxy_pass and upstream. All works well for port 80, even given
> that the apache server is using NameVirtualHost and has a half-dozen
> sites on it. All fine.
>
> The problems I have are for traffic going to port 443 (SSL) and 9090
> (this is a java app).
>
> SSL traffic results in the following error:
> Secure Connection Failed
> An error occurred during a connection to www.gcnpublishing.com.
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
> The page you are trying to view can not be shown because the
> authenticity of the received data could not be verified.
> * Please contact the web site owners to inform them of this problem.
>
> Traffic to: http://www.gcnpublishing.com:9090/ results in:
> The requested URL /login.jsp was not found on this server.
> Apache/2.0.52 (CentOS) Server at www.gcnpublishing.com Port 80
> And the URL is rewritten as:
> http://www.gcnpublishing.com/login.jsp?url=%2Findex.jsp
> Which is getting mangled. However if I enter:
> http://www.gcnpublishing.com:9090/login.jsp?url=%2Findex.jsp
> It seems to work. Somehow it's getting re-written in correctly.
>
> Here are my configs:
> upstream gcn-chat {
> server 74.201.38.2:9090 ;
> server 74.201.39.2:9090 backup ;
> }
>
> server {
> listen 74.201.40.2:9090 ;
> server_name gcn-chat.gcnpublishing.com ;
>
> location / {
> proxy_pass http://gcn-chat ;
> proxy_redirect off;
> proxy_set_header Host $host ;
> proxy_set_header X-Real-IP $remote_addr ;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
>
>
> }
> # Load a bunch of stuff for proxying
> # include /etc/nginx/proxy.conf ;
> }
>
> upstream gcn-ssl {
> server 74.201.38.2:443 ;
> server 74.201.39.2:443 backup ;
> }
>
> server {
>
> listen 74.201.40.2:443 ;
> server_name www.gcnpublishing.com ;
> ssl on ;
> location / {
> proxy_set_header X-FORWARDED_PROTO https;
> proxy_pass https://gcn-ssl ;
> include /etc/nginx/proxy.conf ;
> }
> } # server
>
>
>
>
>
> upstream 74.201.40.2 {
> server 74.201.38.2 ;
> server 74.201.39.2 backup ;
> }
>
> server {
> listen 74.201.40.2:80;
> server_name www.gcnpublishing.com ;
> access_log logs/74.201.40.2-access_log ;
>
>
> location / {
> proxy_pass http://74.201.40.2$request_uri ;
> # proxy_pass http://$proxy_host:$proxy_port/ ;
> }
>
> # Load a bunch of stuff for proxying
> include /etc/nginx/proxy.conf ;
> }
>
>
> And /etc/nginx/proxy.conf
> # proxy.conf
> proxy_redirect off;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> client_max_body_size 10m;
> client_body_buffer_size 128k;
> proxy_connect_timeout 90;
> proxy_send_timeout 90;
> proxy_read_timeout 90;
> proxy_buffer_size 4k;
> proxy_buffers 4 32k;
> proxy_busy_buffers_size 64k;
> proxy_temp_file_write_size 64k;
>
> Any suggestions or advice would be greatly appreciated.
>
> sean
>
>
>
>
>
>
>
> --
> Sean Fulton
> GCN Publishing, Inc.
> Internet Design, Development and Consulting For Today's Media Companies
> http://www.gcnpublishing.com
> (203) 665-6211, x203
>
>
>
>
More information about the nginx
mailing list