unable to setup HTTPS reverse proxy
Maxim Dounin
mdounin at mdounin.ru
Wed Oct 4 17:01:07 UTC 2017
Hello!
On Wed, Oct 04, 2017 at 12:36:46PM -0400, k78rc wrote:
> Hi,
>
> I am struggling in order to setup nginx as reverse proxy with HTTPS.
> In current test setup I installed nginx on a CentOS 7 machine (host
> 192.168.1.115) and apache within a docker container.
> Everything works fine as long as I use HTTP only.
> However if I enable SSL, my browser always ends up in getting response code
> 400 (bad request).
>
> ssl_certificate "/etc/nginx/cert.crt";
> ssl_certificate_key "/etc/nginx/cert.key";
> ssl_session_cache shared:SSL:1m;
> ssl_session_timeout 1m;
> ssl_ciphers HIGH:!aNULL:!MD5;
> ssl_prefer_server_ciphers on;
>
> server {
> listen 443 ssl;
> server_name .hello.com;
>
> location / {
> proxy_pass http://127.0.0.1:8000;
> }
> }
>
> In error.log I read:
>
> 2017/10/04 17:40:06 [info] 5695#0: *27 client sent invalid request while
> reading client request line, client: 192.168.1.120, server: , request:
> "CONNECT alpha.hello.com:443 HTTP/1.1"
The message suggests that your browser thinks that nginx is a
forward proxy and tries to use it as such. This won't work.
Check your browser settings.
[...]
> By the way, I tried different browsers, but the proxy configuration should
> be pretty simple: I always set 192.168.1.115:443 as HTTPS/SSL proxy or as
> proxy for all protocols (actually I aim to use HTTPS only)
>
> What is my mistake? Is anything missing in nginx configuration? Is there a
> proxy setup in the browser I am not aware of?
For reverse proxy you should not configure anything in your
browser, it is basically an internal part of a http server.
In browser settings you configure _forward_ proxies, and this is
not something nginx is expected to be used for.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list