Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Nginx - Upstream SSL - peer closed connection in SSL handshake

Tags:

nginx

ssl

I am getting this error:

Error frontend: 502 Bad gateway

99.110.244:443

2017/09/28 13:03:51 [error] 34080#34080: *1062 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 10.210.0.81, server: webshop.domain.be, request: "GET / HTTP/1.1", upstream: "https://10.1.10.61:443/", host: "webshop.domain.be"

Config:

        # Zone voor connection logging
        limit_conn_zone $binary_remote_addr zone=izSSL_webshop-api_CZ:10m;

        # Zone voor rate logging
        # Hoge rate limit.  x r/s is soms wat snel
        # 10 MB (10m) will give us enough space to store a history of 160k requests.
        limit_req_zone $binary_remote_addr zone=izSSL_webshop-api_RZ:10m rate=20r/s;


upstream webshop_domain_be {
        server webshop.domain.be:443;
}


server {
        listen       443 ssl;
        server_name  webshop.domain.be webshop;

        client_max_body_size 80M;

        ssl_session_cache    shared:webshopSSL:1m;
        ssl_session_timeout  10m;
        ssl_certificate /var/www/certs/webshop.domain.be/webshop.domain.be-chain.pem;
        ssl_certificate_key /var/www/certs/webshop.domain.be/webshop.domain.be-key.pem;
        ssl_verify_client off;
        ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;

        ssl_ciphers RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;


        location / {

                proxy_ssl_session_reuse off;
                proxy_pass $scheme://webshop_domain_be;

        }
}

nginx version: nginx/1.10.3 (Ubuntu)

Other server (10.1.10.61) is an IIS Server with the same certificate as I'm using in this proxy (correct?). It's not an IIS problem; and the proxy server can reach 10.1.10.61 / port 443

Config based on https://serverfault.com/questions/583374/configure-nginx-as-reverse-proxy-with-upstream-ssl

I am using Let's Encrypt certificates.

like image 503
Jeffrey Avatar asked Sep 28 '17 11:09

Jeffrey

1 Answers

Adding this line after the proxy_pass worked for me.

proxy_ssl_server_name on;

Before that I did this from here

In REDHAT 7/ CentOS 7/ Oracle Linux 7: Install the certificate in your enviroment.

  1. Download Active PEM certificate from: https://letsencrypt.org/certificates/ in /etc/pki/ca-trust/source/anchors
  2. Execute: sudo update-ca-trust

Not sure if those last 2 steps needed, but doing both worked for me.

Cheers,

like image 131
Masda Avatar answered Sep 17 '22 18:09

Masda
Sign in to Comment

Related questions

How to set the intermediate certificates on GAE?
SSL iframe in and SSL page from a different domain
Cross-Origin Request Blocked on
Nginx load balance with upstream SSL
SSL Pinning with AFNetworking
Connecting to MongoDB over SSL with Node.js
Where do I specify my SSL port for IISExpress?
SSL: WRONG_VERSION_NUMBER when setting up public Juypter server
Gradle use certificate authentication for repository
How can I use a LetsEncrypt SSL cert in my Heroku Node Express app?
python easy_install fails with SSL certificate error for all packages
How do I accept a self-signed SSL certificate using iOS 7's NSURLSession
In Firefox, can I disable the "Website certified by an unknown authority" SSL certificate warning dialogs?
How to connect a SSL socket through a HTTP proxy?
What is the impact of the `PersistKeySet`-StorageFlag when importing a Certificate in C#
tomcat 7 + ssl not working - ERR_SSL_VERSION_OR_CIPHER_MISMATCH
SSL error with Python requests despite up-to-date dependencies
SSL Configuration on Maven Tomcat Plugin
AWS: Custom SSL certificate option is disabled in CloudFront, but I created a SSL certificate using AWS Certificate Manager
App Engine: The private key you've selected does not appear to be valid

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!