<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Yes, that is the problem. The NGINX server you are hitting is supposed
to pass the request to an upstream apache server but it isn't.<br>
<br>
sean<br>
<br>
<br>
Dave Cheney wrote:
<blockquote cite="mid:a4e36648752c9d0491634e2a25e7e005@cheney.net"
type="cite">
<pre wrap="">Hi Sean,
Firstly, let me commend you on giving a full config, without obfuscation.
This makes things a lot easier.
It looks like SSL isn't correctly setup on port 443
lucky:~ dcheney$ openssl s_client -connect <a class="moz-txt-link-abbreviated" href="http://www.gcnpublishing.com:443">www.gcnpublishing.com:443</a>
CONNECTED(00000003)
23096:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:585:
lucky:~ dcheney$ telnet <a class="moz-txt-link-abbreviated" href="http://www.gcnpublishing.com">www.gcnpublishing.com</a> 443
Trying 74.201.40.2...
Connected to <a class="moz-txt-link-abbreviated" href="http://www.gcnpublishing.com">www.gcnpublishing.com</a>.
Escape character is '^]'.
hello
<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/0.6.32</center>
</body>
</html>
Connection closed by foreign host.
Cheers
Dave
n Mon, 27 Oct 2008 18:50:38 -0400, Sean Fulton <a class="moz-txt-link-rfc2396E" href="mailto:sean@gcnpublishing.com"><sean@gcnpublishing.com></a>
wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I am trying to proxy traffic to a pair of apache web servers using nginx
with proxy_pass and upstream. All works well for port 80, even given
that the apache server is using NameVirtualHost and has a half-dozen
sites on it. All fine.
The problems I have are for traffic going to port 443 (SSL) and 9090
(this is a java app).
SSL traffic results in the following error:
Secure Connection Failed
An error occurred during a connection to <a class="moz-txt-link-abbreviated" href="http://www.gcnpublishing.com">www.gcnpublishing.com</a>.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The page you are trying to view can not be shown because the
authenticity of the received data could not be verified.
* Please contact the web site owners to inform them of this problem.
Traffic to: <a class="moz-txt-link-freetext" href="http://www.gcnpublishing.com:9090/">http://www.gcnpublishing.com:9090/</a> results in:
The requested URL /login.jsp was not found on this server.
Apache/2.0.52 (CentOS) Server at <a class="moz-txt-link-abbreviated" href="http://www.gcnpublishing.com">www.gcnpublishing.com</a> Port 80
And the URL is rewritten as:
<a class="moz-txt-link-freetext" href="http://www.gcnpublishing.com/login.jsp?url=%2Findex.jsp">http://www.gcnpublishing.com/login.jsp?url=%2Findex.jsp</a>
Which is getting mangled. However if I enter:
<a class="moz-txt-link-freetext" href="http://www.gcnpublishing.com:9090/login.jsp?url=%2Findex.jsp">http://www.gcnpublishing.com:9090/login.jsp?url=%2Findex.jsp</a>
It seems to work. Somehow it's getting re-written in correctly.
Here are my configs:
upstream gcn-chat {
server 74.201.38.2:9090 ;
server 74.201.39.2:9090 backup ;
}
server {
listen 74.201.40.2:9090 ;
server_name gcn-chat.gcnpublishing.com ;
location / {
proxy_pass <a class="moz-txt-link-freetext" href="http://gcn-chat">http://gcn-chat</a> ;
proxy_redirect off;
proxy_set_header Host $host ;
proxy_set_header X-Real-IP $remote_addr ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
}
# Load a bunch of stuff for proxying
# include /etc/nginx/proxy.conf ;
}
upstream gcn-ssl {
server 74.201.38.2:443 ;
server 74.201.39.2:443 backup ;
}
server {
listen 74.201.40.2:443 ;
server_name <a class="moz-txt-link-abbreviated" href="http://www.gcnpublishing.com">www.gcnpublishing.com</a> ;
ssl on ;
location / {
proxy_set_header X-FORWARDED_PROTO https;
proxy_pass <a class="moz-txt-link-freetext" href="https://gcn-ssl">https://gcn-ssl</a> ;
include /etc/nginx/proxy.conf ;
}
} # server
upstream 74.201.40.2 {
server 74.201.38.2 ;
server 74.201.39.2 backup ;
}
server {
listen 74.201.40.2:80;
server_name <a class="moz-txt-link-abbreviated" href="http://www.gcnpublishing.com">www.gcnpublishing.com</a> ;
access_log logs/74.201.40.2-access_log ;
location / {
proxy_pass <a class="moz-txt-link-freetext" href="http://74.201.40.2$request_uri">http://74.201.40.2$request_uri</a> ;
# proxy_pass <a class="moz-txt-link-freetext" href="http://$proxy_host:$proxy_port/">http://$proxy_host:$proxy_port/</a> ;
}
# Load a bunch of stuff for proxying
include /etc/nginx/proxy.conf ;
}
And /etc/nginx/proxy.conf
# proxy.conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
Any suggestions or advice would be greatly appreciated.
sean
--
Sean Fulton
GCN Publishing, Inc.
Internet Design, Development and Consulting For Today's Media Companies
<a class="moz-txt-link-freetext" href="http://www.gcnpublishing.com">http://www.gcnpublishing.com</a>
(203) 665-6211, x203
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Sean Fulton
GCN Publishing, Inc.
Internet Design, Development and Consulting For Today's Media Companies
<a class="moz-txt-link-freetext" href="http://www.gcnpublishing.com">http://www.gcnpublishing.com</a>
(203) 665-6211, x203
</pre>
</body>
</html>