reverse proxy an apache who forces ssl
Isaac Hailperin
i.hailperin at heinlein-support.de
Wed Jul 18 07:35:59 UTC 2012
On 07/17/2012 07:29 PM, Reinis Rozitis wrote:
>> 2012/07/17 18:40:05 [error] 5043#0: *1 SSL_do_handshake() failed (SSL:
> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol)
> while SSL handshaking to upstream, client: 8.12.87.11, server:
> www.acme.eu, request: "GET / HTTP/1.1", upstream:
> "https://10.10.2.1:443/", host: "www.acme.eu"
>
>> in my log. What am I doing wrong?
>
> The error is kinda saying that the upstream is not talking SSL (or vice
> versa if I'm wrong).
>
>
> Can you show what does this return ( change the 10.10.2.1 to your
> backend apache ip/host if its not the real one from the error message):
>
> openssl s_client -connect 10.10.2.1:443
Its the same error as with nginx:
~# openssl s_client -connect 10.10.2.1:443
CONNECTED(00000003)
7571:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:607:
> It will either return the SSL cert information (then the backend is fine
> and the problem is on nginx side) or the same error.
This would imply that the problem is on the backend (the apache) side.
But: I can connect to the backend directly (not via nginx) using https
without any problem. So I am not sure about this conclusion.
Hm, it might still be a problem with the backend, but its not that ssl
is not working in general on the backend.
Any hints are appreciated :)
Isaac
More information about the nginx
mailing list