So i am using following settings to create one reverse proxy for site as below.
server {
listen 80;
server_name mysite.com;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
root /home/ubuntu/p3;
location / {
proxy_pass https://mysiter.com/;
proxy_redirect https://mysiter.com/ $host;
proxy_set_header Accept-Encoding "";
}
}
But getting BAD GATE WAY 502 error and below is the log.
2016/08/13 09:42:28 [error] 26809#0: *60 SSL_do_handshake() failed (SSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error) while SSL handshaking to upstream, client: 103.255.5.68, server: mysite.com, request: "GET / HTTP/1.1", upstream: "https://105.27.188.213:443/", host: "mysite.com"
2016/08/13 09:42:28 [error] 26809#0: *60 SSL_do_handshake() failed (SSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error) while SSL handshaking to upstream, client: 103.255.5.68, server: mysite.com, request: "GET / HTTP/1.1", upstream: "https://105.27.188.213:443/", host: "mysite.com"
Any help will be greatly appreciated.
Seeing the exact same error on Nginx 1.9.0 and it looks like it was caused by the HTTPS endpoint using SNI.
Adding this to the proxy location fixed it:
proxy_ssl_server_name on;
There are a couple of oddities with your configuration. Firstly what are you proxying to? Do you have another server block with server name mysiter.com
listening on port 443 which serves the app?
If yes, then what you want here is a 301 redirect to your 443 block.
If not, then the proxy will land up in the same location block, forming a loop (because you haven't specified a different port).
The error that you posted is because your upstream doesn't have a certificate to offload the SSL. To solve this, you need to change your proxy_pass
directive to plain HTTP.
proxy_pass http://mysiter.com/;
Or you'll need to provide a certificate for the backend server to use.
Check out the docs for more info. This blog might also be of use.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With