ssl problems

Jim Ohlstein jim at ohlste.in
Sun Mar 11 12:42:45 UTC 2012


On 3/11/12 8:38 AM, Lawrence Strydom wrote:
> Hi List
> 
> I inherited  the following setup:
> 
> nginx reverse caching proxy   load balancing to two real servers.  I am
> trying to get SSL working.
> 
> Here is my config:
> 
> ++++++++++++++++++++++++++++++++++++++++++++
> upstream ssl-apache_cluster {
>   server 10.0.0.3:443 <http://10.0.0.3:443>;
>   server 10.0.0.6:443 <http://10.0.0.6:443>;
>   fair;
> }
> 
> server {
>         listen 196.37.50.51:443 <http://196.37.50.51:443>;
>         client_max_body_size 5M;
>         client_body_buffer_size 128k;
>         server_name######################;
>         access_log  /var/log/nginx/##########.access.log;
> 
>         ssl on;
>         ssl_certificate      /etc/nginx/ssl/#########.crt;
>         ssl_certificate_key  /etc/nginx/ssl/domain.key;
>         ssl_session_cache shared:SSL:10m;
> 
> 
>  location / {
>                 access_log        off;
>                 proxy_set_header X-Forwarded-Host $host;
>                 proxy_set_header X-Forwarded-Server $host;
>                 proxy_set_header Host            $host;
>                 proxy_set_header X-Real-IP       $remote_addr;
>                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>                 proxy_pass https://ssl-apache_cluster;
>         }
> location ~*
> \.(jpg|jpeg|peg|PEG|gif|png|bmp|flv|pdf|ps|doc|mp3|wmv|wma|wav|swf|JPG|BMP|GIF|PNG|JPEG|ogg|mpg|mpeg|mpg4|zip|bz2|rar|xls|docx|avi|djvu|mp4|rtf|ico)$
> {
>                 root /var/www/jmredev;
>                 expires 60;
>                 slowfs_cache        fastcache;
>                 slowfs_cache_key    $uri;
>                 slowfs_cache_valid  7d;
>                 access_log        off;
>         }
> 
>         location ~* \.(css|js)$ {
>                 root /var/www/jmredev;
>                 expires 60;
>                 slowfs_cache        fastcache;
>                 slowfs_cache_key    $uri;
>                 slowfs_cache_valid  5m;
>                access_log        off;
>         }
> 
> 
> location ~* \.(mjs|mcss)$ {
>   set $domain      www.j########;        # Change this to your site's
> domain name
>   set $root_fcgi   /var/www/fastcache/;  # Change this to the public
> root folder of your site
>   set $root_cache  /var/cache/nginx/minified;      # Change this to a
> folder in which to cache the minified files
>   set $min_dir     /usr/local/nginx/minify/min;        # Change this
> folder to wherever you put the Minify files
> 
>   include fastcgi_params;
>   fastcgi_param SITE_ROOT $root_fcgi;
>   fastcgi_param SCRIPT_FILENAME $min_dir/minifier.php;
>   fastcgi_param PATH_INFO minifier.php;
>   fastcgi_param SERVER_NAME $domain;
>   fastcgi_param CACHE_DIR $root_cache;
> 
>   root $root_cache;
> 
>   expires max;
> 
>   gzip_static on;   # You will need to have installed Nginx using the
> --with-http_gzip_static_module flag for this to work
>   gzip_http_version 1.1;
>   gzip_proxied expired no-cache no-store private auth;
>   gzip_disable "MSIE [1-6]\.";
>   gzip_vary on;
> 
> # If there is not already a cached copy, create one
>   if (!-f $request_filename) {
>     root $root_fcgi;
>     fastcgi_pass 127.0.0.1:9000 <http://127.0.0.1:9000>;
>   }
> }
> 
> 
>         location ^~ /blog/sites/default/files/ {
>                 proxy_redirect  off;
> 
>                 access_log        off;
>                 proxy_set_header X-Forwarded-Host $host;
>                 proxy_set_header X-Forwarded-Server $host;
>                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>                 proxy_set_header        Host            $host;
>                 proxy_set_header        X-Real-IP       $remote_addr;
>                 proxy_pass https://ssl-apache_cluster;
>         }
> 
> 
> }
> 
> 
> ===========================================================================
> 
> When I try and start NGINX I get the following error:
> 
> reloading nginx configuration: nginx: [emerg] unknown directive "ssl" in
> /etc/nginx/sites-enabled/j#########l_ssl:21
> 

Most likely nginx is built without ssl.

What's the output of nginx -V ?


> And this error in the browser:
> 
> SSL received a record that exceeded the maximum permissible length.
> 
> (Error code: ssl_error_rx_record_too_long)
> 
> 
> I am running Ubuntu server 10.04.2 LTS     and NGINX 10.0.3
> 
> 
> Many thanks
> 
> Lawrence
> 
> 
> 
> 
-- 
Jim Ohlstein



More information about the nginx mailing list