[EXT] Re: Nginx as reverse proxy for https traffic
Aleksandar Lazic
al-nginx at none.at
Wed Apr 11 10:59:11 UTC 2018
Am 11.04.2018 um 10:13 schrieb Ajay Sonawane:
> Nginx version 1.13.7
>
> There are no longs in error.log file. Access log show "POST /HTTP /1.1 408 ..." entries. Nothing specific to if connection is established or not. I need some troubleshooting steps as well to know what exactly is happening.
Please can you turn debug logging on.
https://nginx.org/en/docs/debugging_log.html
Depend on your installation you will need to start nginx-debug and stop
nginx normal.
> At client side, SSL handshake is completed but no logs after that.
>
>
> -----Original Message-----
> From: Aleksandar Lazic [mailto:al-nginx at none.at]
> Sent: Wednesday, April 11, 2018 1:01 PM
> To: nginx at nginx.org; Ajay Sonawane <Ajay_Sonawane at symantec.com>
> Subject: [EXT] Re: Nginx as reverse proxy for https traffic
>
> Am 11.04.2018 um 07:11 schrieb Ajay Sonawane:
>> I am trying to use Nginx as a reverse proxy in an environment where
>> clients connects to my server (https://myserver:10443
>> <https://myserver:10443/>). I am trying to use Nginx as a reverse
>> proxy so that client will connect to Nginx proxy and Nginx will
>> forward all requests to backend server. The communication is ssl
>> communication on port 10443. I have installed and configured Nginx but
>> still not able to connect to server through proxy. The configuration
>> is
>>
>> Not sure what I have done wrong. As of now, my backend is speaking to
>> proxy on https on port 10443, but eventually it will be http on port 10443.
>
> What's in the global and http server error log?
> Which version of nginx do you use?
>
> Best regards
> Aleks
>
>> http
>>
>> {
>>
>> server
>>
>> {
>>
>> listen 10443;
>>
>> ssl on;
>>
>>
>>
>> access_log /var/log/nginx/ssl-access.log;
>>
>> error_log /var/log/nginx/ssl-error.log;
>>
>>
>>
>> location /
>>
>> {
>>
>> #chunked_transfer_encoding on;
>>
>> proxy_buffering off;
>>
>> proxy_pass https://MYSERVER:10443;
>>
>> proxy_set_header Host $host;
>>
>> proxy_set_header X-Real-IP $remote_addr;
>>
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>
>> proxy_set_header X-Forwarded-Proto $scheme;
>>
>> #proxy_redirect off;
>>
>> #proxy_ssl_session_reuse off;
>>
>> }
>>
>>
>>
>> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>>
>> ssl_session_timeout 10m;
>>
>> keepalive_timeout 60;
>>
>> ssl_session_cache builtin:1000 shared:SSL:10m;
>>
>> ssl_ciphers
>> HIGH:!aNULL:!aNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
>>
>> ssl_prefer_server_ciphers on;
>>
>> ssl_certificate /etc/nginx/certs/endpoint/nginx.cer;
>>
>> ssl_certificate_key /etc/nginx/certs/endpoint/nginx_d.key;
>>
>>
>>
>> #ssl_client_certificate /etc/nginx/certs/endpoint/nginx.cer;
>>
>> #ssl_verify_client off;
>>
>> #ssl_verify_depth 2;
>>
>>
>>
>> }
>>
>> }
>>
More information about the nginx
mailing list