unable to setup HTTPS reverse proxy

Maxim Dounin mdounin at mdounin.ru
Wed Oct 4 17:01:07 UTC 2017


Hello!

On Wed, Oct 04, 2017 at 12:36:46PM -0400, k78rc wrote:

> Hi, 
> 
> I am struggling in order to setup nginx as reverse proxy with HTTPS.
> In current test setup I installed nginx on a CentOS 7 machine (host
> 192.168.1.115) and apache within a docker container.
> Everything works fine as long as I use HTTP only.
> However if I enable SSL, my browser always ends up in getting response code
> 400 (bad request).
> 
>     ssl_certificate "/etc/nginx/cert.crt";
>     ssl_certificate_key "/etc/nginx/cert.key";
>     ssl_session_cache shared:SSL:1m;
>     ssl_session_timeout  1m;
>     ssl_ciphers HIGH:!aNULL:!MD5;
>     ssl_prefer_server_ciphers on;
> 
>     server {
>         listen 443 ssl;
>         server_name .hello.com;
> 
>         location / {
>             proxy_pass http://127.0.0.1:8000;
>         }
>     }
> 
> In error.log I read: 
> 
>     2017/10/04 17:40:06 [info] 5695#0: *27 client sent invalid request while
> reading client request line, client: 192.168.1.120, server: , request:
> "CONNECT alpha.hello.com:443 HTTP/1.1"

The message suggests that your browser thinks that nginx is a 
forward proxy and tries to use it as such.  This won't work.  
Check your browser settings. 

[...]

> By the way, I tried different browsers, but the proxy configuration should
> be pretty simple: I always set 192.168.1.115:443 as HTTPS/SSL proxy or as
> proxy for all protocols (actually I aim to use HTTPS only)
> 
> What is my mistake? Is anything missing in nginx configuration? Is there a
> proxy setup in the browser I am not aware of?

For reverse proxy you should not configure anything in your 
browser, it is basically an internal part of a http server.

In browser settings you configure _forward_ proxies, and this is 
not something nginx is expected to be used for.

-- 
Maxim Dounin
http://nginx.org/


More information about the nginx mailing list