ssl problems
Lawrence Strydom
qholloi at gmail.com
Sun Mar 11 12:38:24 UTC 2012
Hi List
I inherited the following setup:
nginx reverse caching proxy load balancing to two real servers. I am
trying to get SSL working.
Here is my config:
++++++++++++++++++++++++++++++++++++++++++++
upstream ssl-apache_cluster {
server 10.0.0.3:443;
server 10.0.0.6:443;
fair;
}
server {
listen 196.37.50.51:443;
client_max_body_size 5M;
client_body_buffer_size 128k;
server_name######################;
access_log /var/log/nginx/##########.access.log;
ssl on;
ssl_certificate /etc/nginx/ssl/#########.crt;
ssl_certificate_key /etc/nginx/ssl/domain.key;
ssl_session_cache shared:SSL:10m;
location / {
access_log off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://ssl-apache_cluster;
}
location ~*
\.(jpg|jpeg|peg|PEG|gif|png|bmp|flv|pdf|ps|doc|mp3|wmv|wma|wav|swf|JPG|BMP|GIF|PNG|JPEG|ogg|mpg|mpeg|mpg4|zip|bz2|rar|xls|docx|avi|djvu|mp4|rtf|ico)$
{
root /var/www/jmredev;
expires 60;
slowfs_cache fastcache;
slowfs_cache_key $uri;
slowfs_cache_valid 7d;
access_log off;
}
location ~* \.(css|js)$ {
root /var/www/jmredev;
expires 60;
slowfs_cache fastcache;
slowfs_cache_key $uri;
slowfs_cache_valid 5m;
access_log off;
}
location ~* \.(mjs|mcss)$ {
set $domain www.j########; # Change this to your site's
domain name
set $root_fcgi /var/www/fastcache/; # Change this to the public root
folder of your site
set $root_cache /var/cache/nginx/minified; # Change this to a
folder in which to cache the minified files
set $min_dir /usr/local/nginx/minify/min; # Change this folder
to wherever you put the Minify files
include fastcgi_params;
fastcgi_param SITE_ROOT $root_fcgi;
fastcgi_param SCRIPT_FILENAME $min_dir/minifier.php;
fastcgi_param PATH_INFO minifier.php;
fastcgi_param SERVER_NAME $domain;
fastcgi_param CACHE_DIR $root_cache;
root $root_cache;
expires max;
gzip_static on; # You will need to have installed Nginx using the
--with-http_gzip_static_module flag for this to work
gzip_http_version 1.1;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
# If there is not already a cached copy, create one
if (!-f $request_filename) {
root $root_fcgi;
fastcgi_pass 127.0.0.1:9000;
}
}
location ^~ /blog/sites/default/files/ {
proxy_redirect off;
access_log off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://ssl-apache_cluster;
}
}
===========================================================================
When I try and start NGINX I get the following error:
reloading nginx configuration: nginx: [emerg] unknown directive "ssl" in
/etc/nginx/sites-enabled/j#########l_ssl:21
And this error in the browser:
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
I am running Ubuntu server 10.04.2 LTS and NGINX 10.0.3
Many thanks
Lawrence
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120311/4b879429/attachment.html>
More information about the nginx
mailing list