unable to setup HTTPS reverse proxy

Wed Oct 4 16:36:46 UTC 2017

Hi, 

I am struggling in order to setup nginx as reverse proxy with HTTPS.
In current test setup I installed nginx on a CentOS 7 machine (host
192.168.1.115) and apache within a docker container.
Everything works fine as long as I use HTTP only.
However if I enable SSL, my browser always ends up in getting response code
400 (bad request).

    ssl_certificate "/etc/nginx/cert.crt";
    ssl_certificate_key "/etc/nginx/cert.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  1m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    server {
        listen 443 ssl;
        server_name .hello.com;

        location / {
            proxy_pass http://127.0.0.1:8000;
        }
    }

In error.log I read: 

    2017/10/04 17:40:06 [info] 5695#0: *27 client sent invalid request while
reading client request line, client: 192.168.1.120, server: , request:
"CONNECT alpha.hello.com:443 HTTP/1.1"

On the other hand, if I run in a terminal:

    openssl s_client -connect 192.168.1.115:443

and then I enter

    GET https://alpha.hello.com/

I get the expected content (in this case error.log just prints
    2017/10/04 18:15:41 [debug] 15843#0: *40 http request line: "GET
https://alpha.ciao.com/"
)

By the way, I tried different browsers, but the proxy configuration should
be pretty simple: I always set 192.168.1.115:443 as HTTPS/SSL proxy or as
proxy for all protocols (actually I aim to use HTTPS only)

What is my mistake? Is anything missing in nginx configuration? Is there a
proxy setup in the browser I am not aware of?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276690,276690#msg-276690