reverse proxy an apache who forces ssl

Isaac Hailperin i.hailperin at heinlein-support.de
Tue Jul 17 14:05:17 UTC 2012


Hi,

I am trying to proxy an apache, who forces ssl, see my vhost config:

RewriteEngine On
          RewriteRule /(.*)$ https://www.acme.eu/$1 [R=301,L]

The nginx config for port 443 looks like this:

[...]
         location  ~* \.(jpg|gif|png|css|js) {
                 try_files $uri @proxy;
         }
         location @proxy {
                 proxy_pass http://www.acme.eu;
         }
         location / {
                 proxy_pass http://www.acme.eu;
         }

This obviously gives me a rewrite loop, since apache forces https, and 
nginx keeps trying http.
When I change http to https in the location blocks, I get a 502 bad 
gateway error, and the nginx log tells me

012/07/17 15:42:30 [error] 3671#0: *21 SSL_do_handshake() failed (SSL: 
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) 
while SSL handshaking to upstream, client: 8.1.87.11, server: 
www.acme.eu, request: "GET / HTTP/1.1", upstream: 
"https://10.11.12.13:443/", host: "www.acme.eu"

My interpretation is that nginx does not know how to handle the upstream 
ssl connection. Is that correct?
How can I configure nginx to do that? Is that possible at all?

Not sure if its of interest, but: nginx has the ssl certs for 
www.acme.eu configured correctly, but thats for the side where nginx is 
the server to the client.
Of course, an option would be to drop the https forcing in the apache, 
and put the forcing in nginx, but currently that is not an option, as we 
are in a testing phase, where the proxied and unproxied versions of the 
site must be available.

Isaac



More information about the nginx mailing list