Two problems with proxy_pass and upstream

Sean Fulton sean at gcnpublishing.com
Tue Oct 28 15:00:47 MSK 2008


I am trying to proxy traffic to a pair of apache web servers using nginx 
with proxy_pass and upstream. All works well for port 80, even given 
that the apache server is using NameVirtualHost and has a half-dozen 
sites on it. All fine.

The problems I have are for traffic going to port 443 (SSL) and 9090 
(this is a java app).

SSL traffic results in the following error:
Secure Connection Failed
An error occurred during a connection to www.gcnpublishing.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The page you are trying to view can not be shown because the 
authenticity of the received data could not be verified.
* Please contact the web site owners to inform them of this problem.

Traffic to: http://www.gcnpublishing.com:9090/ results in:
The requested URL /login.jsp was not found on this server.
Apache/2.0.52 (CentOS) Server at www.gcnpublishing.com Port 80
And the URL is rewritten as:
http://www.gcnpublishing.com/login.jsp?url=%2Findex.jsp
Which is getting mangled. However if I enter:
http://www.gcnpublishing.com:9090/login.jsp?url=%2Findex.jsp
It seems to work. Somehow it's getting re-written in correctly.

Here are my configs:
   upstream gcn-chat {
       server 74.201.38.2:9090 ;
       server 74.201.39.2:9090 backup ;
   }

   server {
   listen 74.201.40.2:9090 ;
   server_name gcn-chat.gcnpublishing.com ;

   location / {
       proxy_pass http://gcn-chat ;
       proxy_redirect off;
       proxy_set_header Host $host ;
       proxy_set_header X-Real-IP $remote_addr ;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;


   }
   # Load a bunch of stuff for proxying
   #        include /etc/nginx/proxy.conf ;
   }

   upstream gcn-ssl {
       server 74.201.38.2:443 ;
       server 74.201.39.2:443 backup ;
   }

   server {
     listen 74.201.40.2:443 ;
   server_name www.gcnpublishing.com ;
   ssl on ;
   location / {
       proxy_set_header X-FORWARDED_PROTO https;
       proxy_pass https://gcn-ssl ;
        include /etc/nginx/proxy.conf ;
   }
   }    # server





   upstream 74.201.40.2 {
       server 74.201.38.2 ;
       server 74.201.39.2 backup ;
   }

       server {
   listen    74.201.40.2:80;
       server_name  www.gcnpublishing.com ;
   access_log logs/74.201.40.2-access_log ;


       location / {
       proxy_pass http://74.201.40.2$request_uri ;
       # proxy_pass http://$proxy_host:$proxy_port/ ;
       }

   # Load a bunch of stuff for proxying
       include /etc/nginx/proxy.conf ;
   }
 
And /etc/nginx/proxy.conf
# proxy.conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

Any suggestions or advice would be greatly appreciated.

sean



-- 
Sean Fulton
GCN Publishing, Inc.
Internet Design, Development and Consulting For Today's Media Companies
http://www.gcnpublishing.com
(203) 665-6211, x203



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.






More information about the nginx mailing list