[EXT] Re: Nginx as reverse proxy for https traffic
Ajay Sonawane
Ajay_Sonawane at symantec.com
Wed Apr 11 08:13:25 UTC 2018
Nginx version 1.13.7
There are no longs in error.log file. Access log show "POST /HTTP /1.1 408 ..." entries. Nothing specific to if connection is established or not. I need some troubleshooting steps as well to know what exactly is happening.
At client side, SSL handshake is completed but no logs after that.
-----Original Message-----
From: Aleksandar Lazic [mailto:al-nginx at none.at]
Sent: Wednesday, April 11, 2018 1:01 PM
To: nginx at nginx.org; Ajay Sonawane <Ajay_Sonawane at symantec.com>
Subject: [EXT] Re: Nginx as reverse proxy for https traffic
Am 11.04.2018 um 07:11 schrieb Ajay Sonawane:
> I am trying to use Nginx as a reverse proxy in an environment where
> clients connects to my server (https://myserver:10443
> <https://myserver:10443/>). I am trying to use Nginx as a reverse
> proxy so that client will connect to Nginx proxy and Nginx will
> forward all requests to backend server. The communication is ssl
> communication on port 10443. I have installed and configured Nginx but
> still not able to connect to server through proxy. The configuration
> is
>
> Not sure what I have done wrong. As of now, my backend is speaking to
> proxy on https on port 10443, but eventually it will be http on port 10443.
What's in the global and http server error log?
Which version of nginx do you use?
Best regards
Aleks
> http
>
> {
>
> server
>
> {
>
> listen 10443;
>
> ssl on;
>
>
>
> access_log /var/log/nginx/ssl-access.log;
>
> error_log /var/log/nginx/ssl-error.log;
>
>
>
> location /
>
> {
>
> #chunked_transfer_encoding on;
>
> proxy_buffering off;
>
> proxy_pass https://MYSERVER:10443;
>
> proxy_set_header Host $host;
>
> proxy_set_header X-Real-IP $remote_addr;
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> proxy_set_header X-Forwarded-Proto $scheme;
>
> #proxy_redirect off;
>
> #proxy_ssl_session_reuse off;
>
> }
>
>
>
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>
> ssl_session_timeout 10m;
>
> keepalive_timeout 60;
>
> ssl_session_cache builtin:1000 shared:SSL:10m;
>
> ssl_ciphers
> HIGH:!aNULL:!aNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
>
> ssl_prefer_server_ciphers on;
>
> ssl_certificate /etc/nginx/certs/endpoint/nginx.cer;
>
> ssl_certificate_key /etc/nginx/certs/endpoint/nginx_d.key;
>
>
>
> #ssl_client_certificate /etc/nginx/certs/endpoint/nginx.cer;
>
> #ssl_verify_client off;
>
> #ssl_verify_depth 2;
>
>
>
> }
>
> }
>
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://clicktime.symantec.com/a/1/H1IJ4X_-Gh6l4M4vjdaTgjgnMxYYrQs674w
> hdkZpTco=?d=mmaeSLWIuOZl3-ETXWK4VlCJH23T4pXYQCcAvOPw81Lc74fGByXNJej4l-
> pIlUjcOpzzELmhlrsbg4HetelvgkFV7NUg4602JjC2NZzshbF_hY2x8Ft1xdZz_5KFt4au
> DImBxX9ooBDps24xbJOk4k7bql1FGBU4-MsBYmvebbnsI0c0PAz8n9JK20ozgDkuMJwdFu
> Fn_D8U8teov4XoKzwx2sgsxjoRtxADEGTrH77pdbpT5SM3K14DIopzmq1c---uJBzvMBt0
> 7qW0M8HwUk6v2hAnR7lNs3TClmHOUA0RK4jUOTeWwA4YDu8aOI6R_J-dWvAsZICygd2x8w
> kOofkIFmIsru2BfIwcv2hPpkBP6JLAudA_M0Wdo6gD&u=http%3A%2F%2Fmailman.ngin
> x.org%2Fmailman%2Flistinfo%2Fnginx
>
More information about the nginx
mailing list