https proxy to apache server

Jelle de Jong jelledejong at powercraft.nl
Tue Jan 10 15:17:21 UTC 2012


On 10/01/12 15:38, Maxim Dounin wrote:
> Just use "https" instead of "http" here, i.e.
>           proxy_pass          https://192.168.24.66/;

I tried that, (did it again to be sure). I think the issues may be
somewhere else...

I removed the port 80 part of the config and only have the 443 now.

# checking: nginx is listing
# lsof -i :443
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   30136     root   20u  IPv4 482955      0t0  TCP *:https (LISTEN)
nginx   30137 www-data   20u  IPv4 482955      0t0  TCP *:https (LISTEN)
nginx   30138 www-data   20u  IPv4 482955      0t0  TCP *:https (LISTEN)
nginx   30139 www-data   20u  IPv4 482955      0t0  TCP *:https (LISTEN)
nginx   30140 www-data   20u  IPv4 482955      0t0  TCP *:https (LISTEN)

# checking: wierd response from ssl check, what is wrong?
# openssl s_client -connect localhost:443
CONNECTED(00000003)
31082:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:607:

# nginx should be able to read the certs?
# output shorted for mail purpose
# su -c 'ls -hal /etc/ssl/certs/yessica-*' www-data
-rw-r--r-- 1 root root 1.4K Jan  7 16:42 /etc/ssl/certs/cert-request.pem
-rw-r--r-- 1 root root 2.9K Jan  7 16:42 /etc/ssl/certs/cert.pem
-r-------- 1 root root 1.7K Jan  7 16:42 /etc/ssl/certs/privatekey.pem

# the config...
server {
    listen      443;
    server_name calendar.powercraft.nl;
    ssl         on;
    ssl_certificate     /etc/ssl/certs/yessica-certificate.pem;
    ssl_certificate_key /etc/ssl/certs/yessica--privatekey.pem;
    access_log          /var/log/nginx/calendar.secure.log;
    error_log           /var/log/nginx/calendar.error-secure.log;
    location / {
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect      off;
        proxy_pass          https://192.168.24.66/;
    }
}

Thanks in advance,

Kind regards,

Jelle de Jong



More information about the nginx mailing list