Intermittent "504 SSL_do_handshake() failed"

terminal nginx-forum at nginx.us
Sun Oct 24 22:23:52 MSD 2010


I seem to be having a problem with the secure reverse proxy. I have a
"Synology Disk Station" that hosts Apache virtual servers with one being
an administration web panel, and the other "https://192.168.2.2/photo"
being a photo/blogging site.
I have googled around and looked at the NGINX forum and have found no
solution to this problem or as to what is causing it. When I first
launch nginx everything seems to work fine as expected, but after X
amount of time testing (clearing client cache and using other browsers)
I start intermittently getting "502 Bad Gateway" errors from Nginx. Both
Nginx and Synology use a self-signed certificate. I have done a
wireshark packet dump from Nginx and decrypted the packets via the
server's private key, and the only thing I noticed was 302 Not modified
headers and the SSL Alerts with Key renegotiation.

My network setup can be described as below:
192.168.2.2 [Synology (Apache)] <-> 192.168.2.151 [Nginx] <-> External [Client]

My router is set up to serve only HTTPS 443 connections from my LAN to
external.

Versions:
nginx version: nginx/0.7.65 on Ubuntu 10.04.1 LTS (lucid)
Server version: Apache/2.2.16 (Unix)

[Nginx Config]
server {
        listen   443;
        ssl on;
        server_name  home.fractalengine.com;

        ##LOG
        access_log  /var/log/nginx/localhost.access.log;

        ##SSL Params
        ssl_certificate         ssl/storage.in.crt;
        ssl_certificate_key     ssl/storage.key;
        keepalive_timeout       60;
        ssl_verify_client       off;
        ssl_session_cache       off;

        location / {
                proxy_pass              https://192.168.2.2;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_redirect     off;
                proxy_cache_use_stale   error timeout invalid_header updating http_500 http_502 http_503 http_504;
        }

        location /doc {
                root   /usr/share;
                autoindex on;
                allow 127.0.0.1;
                deny all;
        }

        location /images {
                root   /usr/share;
                autoindex on;
        }
}


[NGINX ERROR Log]
2010/10/22 17:23:24 [error] 5206#0: *501 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 69.xx.xxx.x, server: home.myDomain.com, request: "GET /blog/modules/friend_link.js HTTP/1.1", upstream: "https://192.168.2.2:443/blog/modules/friend_link.js", host: "home.myDomain.com", referrer: "https://home.myDomain.com/blog/admin_index.php"
2010/10/22 17:23:24 [error] 5206#0: *506 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 69.xx.xxx.x, server: home.myDomain.com, request: "GET /blog/modules/label_cloud.js HTTP/1.1", upstream: "https://192.168.2.2:443/blog/modules/label_cloud.js", host: "home.myDomain.com", referrer: "https://home.myDomain.com/blog/admin_index.php"
2010/10/22 17:23:24 [error] 5206#0: *504 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 69.xx.xxx.x, server: home.myDomain.com, request: "GET /blog/modules/statistical_data.js HTTP/1.1", upstream: "https://192.168.2.2:443/blog/modules/statistical_data.js", host: "home.myDomain.com", referrer: "https://home.myDomain.com/blog/admin_index.php"
2010/10/22 17:23:24 [error] 5206#0: *507 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 69.xx.xxx.x, server: home.myDomain.com, request: "GET /blog/modules/recent_article.js HTTP/1.1", upstream: "https://192.168.2.2:443/blog/modules/recent_article.js", host: "home.myDomain.com", referrer: "https://home.myDomain.com/blog/admin_index.php"


Again the weird thing is it stops working after X amount of time
testing. I'm starting to think it has something to do with the
connection timeout from Nginx to Apache?? Or maybe something with the
Cache?

Any help would be greatly appreciated!
Thanks!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,144108,144108#msg-144108
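
A triage helper for error-log excerpts like the one in the post above, as an added example that is not part of the original post: it rejoins mail-wrapped entries, extracts the OpenSSL error fields, and counts handshake failures per second and per side (client or upstream). The function names, the client address and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# OpenSSL queue entry inside the nginx line: error:<code>:<lib>:<func>:<reason>
ENTRY = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] '
    r'(?P<pid>\d+)#\d+: \*(?P<conn>\d+) SSL_do_handshake\(\) failed '
    r'\(SSL: error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):(?P<func>[^:]*):'
    r'(?P<reason>[^)]*)\) while (?P<phase>[^,]+)'
    r'(?:.*?upstream: "(?P<upstream>[^"]+)")?'
)

def unwrap(text):
    """Rejoin entries wrapped by a mail client: a new entry starts with a date."""
    entries = []
    for line in text.splitlines():
        if re.match(r'\d{4}/\d\d/\d\d ', line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += ' ' + line.strip()
    return [e for e in entries if e]

def parse(text):
    """Return one dict per handshake failure; other log lines are skipped."""
    return [m.groupdict() for m in map(ENTRY.match, unwrap(text)) if m]

def summarize(records):
    """Count failures per (second, side, reason) so bursts stand out."""
    out = Counter()
    for r in records:
        side = 'upstream' if 'to upstream' in r['phase'] else 'client'
        out[(r['ts'], side, r['reason'])] += 1
    return out

# Constructed sample in the same format as the log above (placeholder client).
SAMPLE = """\
2010/10/22 17:23:24 [error] 5206#0: *501 SSL_do_handshake() failed (SSL:
error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while
SSL handshaking to upstream, client: 203.0.113.7, server: example.test,
request: "GET /a.js HTTP/1.1", upstream: "https://192.168.2.2:443/a.js"
2010/10/22 17:23:24 [error] 5206#0: *506 SSL_do_handshake() failed (SSL:
error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while
SSL handshaking to upstream, client: 203.0.113.7, server: example.test,
request: "GET /b.js HTTP/1.1", upstream: "https://192.168.2.2:443/b.js"
2010/10/22 17:25:02 [notice] 5206#0: signal process started
"""

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

Grouping by second and side separates failures on the proxy-to-backend leg from failures on the client-facing leg, which is the first thing to establish when both ends use their own certificates.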



