Two Problems with proxy_pass to upstream

Sean Fulton sean at gcnpublishing.com
Tue Oct 28 16:27:51 MSK 2008


Yes, that is the problem. The NGINX server you are hitting is supposed 
to pass the request to an upstream apache server but it isn't.

sean


Dave Cheney wrote:
> Hi Sean,
>
> Firstly, let me commend you on giving a full config, without obfuscation.
> This makes things a lot easier.
>
> It looks like SSL isn't correctly set up on port 443
>
> lucky:~ dcheney$ openssl s_client -connect www.gcnpublishing.com:443
> CONNECTED(00000003)
> 23096:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:585:
> lucky:~ dcheney$ telnet www.gcnpublishing.com 443
> Trying 74.201.40.2...
> Connected to www.gcnpublishing.com.
> Escape character is '^]'.
> hello
> <html>
> <head><title>400 Bad Request</title></head>
> <body bgcolor="white">
> <center><h1>400 Bad Request</h1></center>
> <hr><center>nginx/0.6.32</center>
> </body>
> </html>
> Connection closed by foreign host.
>
> Cheers
>
> Dave
>
> On Mon, 27 Oct 2008 18:50:38 -0400, Sean Fulton <sean at gcnpublishing.com>
> wrote:
>   
>> I am trying to proxy traffic to a pair of apache web servers using nginx 
>> with proxy_pass and upstream. All works well for port 80, even given 
>> that the apache server is using NameVirtualHost and has a half-dozen 
>> sites on it. All fine.
>>
>> The problems I have are for traffic going to port 443 (SSL) and 9090 
>> (this is a java app).
>>
>> SSL traffic results in the following error:
>> Secure Connection Failed
>> An error occurred during a connection to www.gcnpublishing.com.
>> SSL received a record that exceeded the maximum permissible length.
>> (Error code: ssl_error_rx_record_too_long)
>> The page you are trying to view can not be shown because the 
>> authenticity of the received data could not be verified.
>> * Please contact the web site owners to inform them of this problem.
>>
>> Traffic to: http://www.gcnpublishing.com:9090/ results in:
>> The requested URL /login.jsp was not found on this server.
>> Apache/2.0.52 (CentOS) Server at www.gcnpublishing.com Port 80
>> And the URL is rewritten as:
>> http://www.gcnpublishing.com/login.jsp?url=%2Findex.jsp
>> Which is getting mangled. However if I enter:
>> http://www.gcnpublishing.com:9090/login.jsp?url=%2Findex.jsp
>> It seems to work. Somehow it's getting re-written incorrectly.
>>
>> Here are my configs:
>>     upstream gcn-chat {
>>         server 74.201.38.2:9090 ;
>>         server 74.201.39.2:9090 backup ;
>>     }
>>
>>     server {
>>     listen 74.201.40.2:9090 ;
>>     server_name gcn-chat.gcnpublishing.com ;
>>
>>     location / {
>>         proxy_pass http://gcn-chat ;
>>         proxy_redirect off;
>>         proxy_set_header Host $host ;
>>         proxy_set_header X-Real-IP $remote_addr ;
>>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
>>
>>
>>     }
>>     # Load a bunch of stuff for proxying
>>     #        include /etc/nginx/proxy.conf ;
>>     }
>>
>>     upstream gcn-ssl {
>>         server 74.201.38.2:443 ;
>>         server 74.201.39.2:443 backup ;
>>     }
>>
>>     server {
>>    
>>     listen 74.201.40.2:443 ;
>>     server_name www.gcnpublishing.com ;
>>     ssl on ;
>>     location / {
>>         proxy_set_header X-FORWARDED_PROTO https;
>>         proxy_pass https://gcn-ssl ;
>>          include /etc/nginx/proxy.conf ;
>>     }
>>     }    # server
>>
>>
>>
>>
>>
>>     upstream 74.201.40.2 {
>>         server 74.201.38.2 ;
>>         server 74.201.39.2 backup ;
>>     }
>>
>>         server {
>>     listen    74.201.40.2:80;
>>         server_name  www.gcnpublishing.com ;
>>     access_log logs/74.201.40.2-access_log ;
>>
>>
>>         location / {
>>         proxy_pass http://74.201.40.2$request_uri ;
>>         # proxy_pass http://$proxy_host:$proxy_port/ ;
>>         }
>>
>>     # Load a bunch of stuff for proxying
>>         include /etc/nginx/proxy.conf ;
>>     }
>>    
>>
>> And /etc/nginx/proxy.conf
>> # proxy.conf
>> proxy_redirect off;
>> proxy_set_header Host $host;
>> proxy_set_header X-Real-IP $remote_addr;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> client_max_body_size 10m;
>> client_body_buffer_size 128k;
>> proxy_connect_timeout 90;
>> proxy_send_timeout 90;
>> proxy_read_timeout 90;
>> proxy_buffer_size 4k;
>> proxy_buffers 4 32k;
>> proxy_busy_buffers_size 64k;
>> proxy_temp_file_write_size 64k;
>>
>> Any suggestions or advice would be greatly appreciated.
>>
>> sean
>>
>> -- 
>> Sean Fulton
>> GCN Publishing, Inc.
>> Internet Design, Development and Consulting For Today's Media Companies
>> http://www.gcnpublishing.com
>> (203) 665-6211, x203
>>

-- 
Sean Fulton
GCN Publishing, Inc.
Internet Design, Development and Consulting For Today's Media Companies
http://www.gcnpublishing.com
(203) 665-6211, x203
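
Added example, not part of the original thread: the `telnet` test quoted above shows port 443 answering with a plaintext nginx `400 Bad Request` page, and this sketch shows why a TLS client reading those bytes as a record header reports `ssl_error_rx_record_too_long`. The function name and sample byte strings are constructed for illustration; the record length limit (2^14 + 2048) is the TLSCiphertext bound from RFC 5246.

```python
import struct

# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # RFC 5246 limit for a TLSCiphertext fragment

# Constructed samples: the start of the plaintext 400 page seen in the thread,
# a plaintext reply that begins with a status line, and a well-formed TLS
# handshake record header followed by padding.
PLAINTEXT_400 = b"<html>\r\n<head><title>400 Bad Request</title></head>\r\n"
PLAINTEXT_STATUS = b"HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n"
TLS_HANDSHAKE = bytes.fromhex("160301004a") + b"\x02" + b"\x00" * 73


def classify_first_bytes(data: bytes) -> dict:
    """Read the first 5 bytes the way a TLS client would and explain the result."""
    if len(data) < 5:
        return {"verdict": "too_short"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    too_long = length > MAX_RECORD_LEN
    looks_http = data.startswith((b"HTTP/", b"<html", b"<!DOCTYPE"))
    if ctype in TLS_CONTENT_TYPES and major == 3 and not too_long:
        verdict = "tls"
    elif looks_http:
        # The listener is speaking plain HTTP on a port the client expects TLS on.
        verdict = "plaintext_http_on_tls_port"
    else:
        verdict = "unknown"
    return {
        "verdict": verdict,
        "content_type": ctype,
        "version": (major, minor),
        "claimed_length": length,  # bytes 4-5 of the reply read as a record length
        "too_long": too_long,
    }


if __name__ == "__main__":
    for name, sample in [("400 page", PLAINTEXT_400),
                         ("status line", PLAINTEXT_STATUS),
                         ("TLS record", TLS_HANDSHAKE)]:
        print(name, classify_first_bytes(sample))
```

For the `<html>` reply, the bytes `ml` land in the length field and decode to 28012, which is above the 18432-byte limit, so the client rejects the "record" before any handshake takes place.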

