[EXT] Re: Nginx as reverse proxy for https traffic

Aleksandar Lazic al-nginx at none.at
Wed Apr 11 10:59:11 UTC 2018


Am 11.04.2018 um 10:13 schrieb Ajay Sonawane:
> Nginx version 1.13.7 
> 
> There are no longs in error.log file. Access log show "POST /HTTP /1.1 408 ..." entries. Nothing specific to if connection is  established or not. I need some troubleshooting steps as well to know what exactly is happening. 

Please can you turn debug logging on.

https://nginx.org/en/docs/debugging_log.html

Depend on your installation you will need to start nginx-debug and stop
nginx normal.

> At client side, SSL handshake is completed but no logs after that. 
> 
> 
> -----Original Message-----
> From: Aleksandar Lazic [mailto:al-nginx at none.at] 
> Sent: Wednesday, April 11, 2018 1:01 PM
> To: nginx at nginx.org; Ajay Sonawane <Ajay_Sonawane at symantec.com>
> Subject: [EXT] Re: Nginx as reverse proxy for https traffic
> 
> Am 11.04.2018 um 07:11 schrieb Ajay Sonawane:
>> I am trying to use Nginx as a reverse proxy in an environment where 
>> clients connects to my server (https://myserver:10443 
>> <https://myserver:10443/>). I am trying to use Nginx as a reverse 
>> proxy so that client will connect to Nginx proxy and Nginx will 
>> forward all requests to backend server. The communication is ssl 
>> communication on port 10443. I have installed and configured Nginx but 
>> still not able to connect to server through proxy. The configuration 
>> is
>>
>> Not sure what I have done wrong. As of now, my backend is speaking to 
>> proxy on https on port 10443, but eventually it will be http on port 10443.
> 
> What's in the global and http server error log?
> Which version of nginx do you use?
> 
> Best regards
> Aleks
> 
>> http
>>
>> {
>>
>>    server
>>
>>    {
>>
>>     listen 10443;
>>
>>     ssl on;
>>
>>  
>>
>>      access_log /var/log/nginx/ssl-access.log;
>>
>>      error_log /var/log/nginx/ssl-error.log;
>>
>>  
>>
>>      location /
>>
>>      {
>>
>>         #chunked_transfer_encoding on;
>>
>>         proxy_buffering off;
>>
>>         proxy_pass https://MYSERVER:10443;
>>
>>         proxy_set_header Host $host;
>>
>>         proxy_set_header X-Real-IP $remote_addr;
>>
>>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>
>>         proxy_set_header X-Forwarded-Proto $scheme;
>>
>>         #proxy_redirect off;
>>
>>         #proxy_ssl_session_reuse off;
>>
>>      }
>>
>>  
>>
>>      ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>>
>>      ssl_session_timeout 10m;
>>
>>      keepalive_timeout 60;
>>
>>      ssl_session_cache builtin:1000 shared:SSL:10m;
>>
>>      ssl_ciphers
>> HIGH:!aNULL:!aNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
>>
>>      ssl_prefer_server_ciphers on;
>>
>>      ssl_certificate  /etc/nginx/certs/endpoint/nginx.cer;
>>
>>      ssl_certificate_key /etc/nginx/certs/endpoint/nginx_d.key;
>>
>>  
>>
>>      #ssl_client_certificate /etc/nginx/certs/endpoint/nginx.cer;
>>
>>      #ssl_verify_client off;
>>
>>      #ssl_verify_depth 2;
>>
>>  
>>
>>    }
>>
>> }
>>



More information about the nginx mailing list