nginx plus with ssl on TCP load balance not work

Roman Arutyunyan arut at nginx.com
Thu Jun 11 07:45:08 UTC 2015 

Hi,

Could you provide the full config of the nginx/stream balancer?

On 11 Jun 2015, at 09:29, huakaibird <nginx-forum at nginx.us> wrote:

> Hi,
> 
> I’m using nginx plus with ssl on TCP load balance, Configured like the
> documentation, but it not work.  (All the IP below is not real-ip)
> I have web servers behind, I want to use ssl offloading, and I choose TCP
> load balance. listen on 443 and proxy to web server's 80.
> 
> Page access always report ERR_TOO_MANY_REDIRECTS. 
> 
> Error log
> 2015/06/11 03:00:32 [error] 8362#0: *361 upstream timed out (110: Connection
> timed out) while connecting to upstream, client: 10.0.0.1, server:
> 0.0.0.0:443, upstream: "10.0.0.2:443", bytes from/to client:656/0, bytes
> from/to upstream:0/0
> 
> 10.0.0.2 this ip is the nginx ip, while it is used as upstream?
> 
> The configuration is like this, remove the real ip
> 
> server {
>        listen 80 so_keepalive=30m::10;
>        proxy_pass backend;
>        proxy_upstream_buffer 2048k;
>        proxy_downstream_buffer 2048k;
> 
>    }
> 
> server {
>        listen 443 ssl;
>        proxy_pass backend;
>        #proxy_upstream_buffer 2048k;
>        #proxy_downstream_buffer 2048k;
>        ssl_certificate     ssl/chained.crt;
>        #ssl_certificate     ssl/4582cfef411bb.crt;
>        ssl_certificate_key ssl/zoomus20140410.key;
>        #ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
>        #ssl_ciphers         HIGH:!aNULL:!MD5;
>        ssl_handshake_timeout 3s;
>        #ssl_session_cache   shared:SSL:20m;
>        #ssl_session_timeout 4h;
> 
>    }
> 
> 
>    upstream backend {
>        server *.*.*.*:80;
>        server *.*.*.*:80;
>    }
> 
> 
> 
> nginx -v
> nginx version: nginx/1.7.11 (nginx-plus-r6-p1)
> 
> And I’m using amazon linux
> uname -a
> Linux ip-*.*.*.* 3.14.35-28.38.amzn1.x86_64 #1 SMP Wed Mar 11 22:50:37 UTC
> 2015 x86_64 x86_64 x86_64 GNU/Linux
> 
> 
> BTW, tcp how to set access log?
> 
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259522,259522#msg-259522
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

--
Roman Arutyunyan

More information about the nginx mailing list