Welcome! Log In Create A New Profile

Advanced

Nginx as reverse proxy for https traffic

Posted by Ajay Sonawane 
Ajay Sonawane
Nginx as reverse proxy for https traffic
April 11, 2018 07:20AM
I am trying to use Nginx as a reverse proxy in an environment where clients connects to my server (https://myserver:10443https://myserver:10443/). I am trying to use Nginx as a reverse proxy so that client will connect to Nginx proxy and Nginx will forward all requests to backend server. The communication is ssl communication on port 10443. I have installed and configured Nginx but still not able to connect to server through proxy. The configuration is

Not sure what I have done wrong. As of now, my backend is speaking to proxy on https on port 10443, but eventually it will be http on port 10443.

http
{
server
{
listen 10443;
ssl on;

access_log /var/log/nginx/ssl-access.log;
error_log /var/log/nginx/ssl-error.log;

location /
{
#chunked_transfer_encoding on;
proxy_buffering off;
proxy_pass https://MYSERVER:10443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_redirect off;
#proxy_ssl_session_reuse off;
}

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 10m;
keepalive_timeout 60;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_ciphers HIGH:!aNULL:!aNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/certs/endpoint/nginx.cer;
ssl_certificate_key /etc/nginx/certs/endpoint/nginx_d.key;

#ssl_client_certificate /etc/nginx/certs/endpoint/nginx.cer;
#ssl_verify_client off;
#ssl_verify_depth 2;

}
}

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Aleksandar Lazic
Re: Nginx as reverse proxy for https traffic
April 11, 2018 09:40AM
Am 11.04.2018 um 07:11 schrieb Ajay Sonawane:
> I am trying to use Nginx as a reverse proxy in an environment where
> clients connects to my server (https://myserver:10443
> https://myserver:10443/). I am trying to use Nginx as a reverse proxy
> so that client will connect to Nginx proxy and Nginx will forward all
> requests to backend server. The communication is ssl communication on
> port 10443. I have installed and configured Nginx but still not able to
> connect to server through proxy. The configuration is
>
> Not sure what I have done wrong. As of now, my backend is speaking to
> proxy on https on port 10443, but eventually it will be http on port 10443.

What's in the global and http server error log?
Which version of nginx do you use?

Best regards
Aleks

> http
>
> {
>
>    server
>
>    {
>
>     listen 10443;
>
>     ssl on;
>
>  
>
>      access_log /var/log/nginx/ssl-access.log;
>
>      error_log /var/log/nginx/ssl-error.log;
>
>  
>
>      location /
>
>      {
>
>         #chunked_transfer_encoding on;
>
>         proxy_buffering off;
>
>         proxy_pass https://MYSERVER:10443;
>
>         proxy_set_header Host $host;
>
>         proxy_set_header X-Real-IP $remote_addr;
>
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
>         proxy_set_header X-Forwarded-Proto $scheme;
>
>         #proxy_redirect off;
>
>         #proxy_ssl_session_reuse off;
>
>      }
>
>  
>
>      ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>
>      ssl_session_timeout 10m;
>
>      keepalive_timeout 60;
>
>      ssl_session_cache builtin:1000 shared:SSL:10m;
>
>      ssl_ciphers   
> HIGH:!aNULL:!aNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
>
>      ssl_prefer_server_ciphers on;
>
>      ssl_certificate  /etc/nginx/certs/endpoint/nginx.cer;
>
>      ssl_certificate_key /etc/nginx/certs/endpoint/nginx_d.key;
>
>  
>
>      #ssl_client_certificate /etc/nginx/certs/endpoint/nginx.cer;
>
>      #ssl_verify_client off;
>
>      #ssl_verify_depth 2;
>
>  
>
>    }
>
> }
>
>  
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Ajay Sonawane
RE: [EXT] Re: Nginx as reverse proxy for https traffic
April 11, 2018 10:20AM
Nginx version 1.13.7

There are no longs in error.log file. Access log show "POST /HTTP /1.1 408 ..." entries. Nothing specific to if connection is established or not. I need some troubleshooting steps as well to know what exactly is happening.

At client side, SSL handshake is completed but no logs after that.


-----Original Message-----
From: Aleksandar Lazic [mailto:[email protected]]
Sent: Wednesday, April 11, 2018 1:01 PM
To: nginx@nginx.org; Ajay Sonawane <[email protected]>
Subject: [EXT] Re: Nginx as reverse proxy for https traffic

Am 11.04.2018 um 07:11 schrieb Ajay Sonawane:
> I am trying to use Nginx as a reverse proxy in an environment where
> clients connects to my server (https://myserver:10443
> https://myserver:10443/). I am trying to use Nginx as a reverse
> proxy so that client will connect to Nginx proxy and Nginx will
> forward all requests to backend server. The communication is ssl
> communication on port 10443. I have installed and configured Nginx but
> still not able to connect to server through proxy. The configuration
> is
>
> Not sure what I have done wrong. As of now, my backend is speaking to
> proxy on https on port 10443, but eventually it will be http on port 10443.

What's in the global and http server error log?
Which version of nginx do you use?

Best regards
Aleks

> http
>
> {
>
>    server
>
>    {
>
>     listen 10443;
>
>     ssl on;
>
>  
>
>      access_log /var/log/nginx/ssl-access.log;
>
>      error_log /var/log/nginx/ssl-error.log;
>
>  
>
>      location /
>
>      {
>
>         #chunked_transfer_encoding on;
>
>         proxy_buffering off;
>
>         proxy_pass https://MYSERVER:10443;
>
>         proxy_set_header Host $host;
>
>         proxy_set_header X-Real-IP $remote_addr;
>
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
>         proxy_set_header X-Forwarded-Proto $scheme;
>
>         #proxy_redirect off;
>
>         #proxy_ssl_session_reuse off;
>
>      }
>
>  
>
>      ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>
>      ssl_session_timeout 10m;
>
>      keepalive_timeout 60;
>
>      ssl_session_cache builtin:1000 shared:SSL:10m;
>
>      ssl_ciphers
> HIGH:!aNULL:!aNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
>
>      ssl_prefer_server_ciphers on;
>
>      ssl_certificate  /etc/nginx/certs/endpoint/nginx.cer;
>
>      ssl_certificate_key /etc/nginx/certs/endpoint/nginx_d.key;
>
>  
>
>      #ssl_client_certificate /etc/nginx/certs/endpoint/nginx.cer;
>
>      #ssl_verify_client off;
>
>      #ssl_verify_depth 2;
>
>  
>
>    }
>
> }
>
>  
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> https://clicktime.symantec.com/a/1/H1IJ4X_-Gh6l4M4vjdaTgjgnMxYYrQs674w
> hdkZpTco=?d=mmaeSLWIuOZl3-ETXWK4VlCJH23T4pXYQCcAvOPw81Lc74fGByXNJej4l-
> pIlUjcOpzzELmhlrsbg4HetelvgkFV7NUg4602JjC2NZzshbF_hY2x8Ft1xdZz_5KFt4au
> DImBxX9ooBDps24xbJOk4k7bql1FGBU4-MsBYmvebbnsI0c0PAz8n9JK20ozgDkuMJwdFu
> Fn_D8U8teov4XoKzwx2sgsxjoRtxADEGTrH77pdbpT5SM3K14DIopzmq1c---uJBzvMBt0
> 7qW0M8HwUk6v2hAnR7lNs3TClmHOUA0RK4jUOTeWwA4YDu8aOI6R_J-dWvAsZICygd2x8w
> kOofkIFmIsru2BfIwcv2hPpkBP6JLAudA_M0Wdo6gD&u=http%3A%2F%2Fmailman.ngin
> x.org%2Fmailman%2Flistinfo%2Fnginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Aleksandar Lazic
Re: [EXT] Re: Nginx as reverse proxy for https traffic
April 11, 2018 01:10PM
Am 11.04.2018 um 10:13 schrieb Ajay Sonawane:
> Nginx version 1.13.7
>
> There are no longs in error.log file. Access log show "POST /HTTP /1.1 408 ..." entries. Nothing specific to if connection is established or not. I need some troubleshooting steps as well to know what exactly is happening.

Please can you turn debug logging on.

https://nginx.org/en/docs/debugging_log.html

Depend on your installation you will need to start nginx-debug and stop
nginx normal.

> At client side, SSL handshake is completed but no logs after that.
>
>
> -----Original Message-----
> From: Aleksandar Lazic [mailto:[email protected]]
> Sent: Wednesday, April 11, 2018 1:01 PM
> To: nginx@nginx.org; Ajay Sonawane <[email protected]>
> Subject: [EXT] Re: Nginx as reverse proxy for https traffic
>
> Am 11.04.2018 um 07:11 schrieb Ajay Sonawane:
>> I am trying to use Nginx as a reverse proxy in an environment where
>> clients connects to my server (https://myserver:10443
>> https://myserver:10443/). I am trying to use Nginx as a reverse
>> proxy so that client will connect to Nginx proxy and Nginx will
>> forward all requests to backend server. The communication is ssl
>> communication on port 10443. I have installed and configured Nginx but
>> still not able to connect to server through proxy. The configuration
>> is
>>
>> Not sure what I have done wrong. As of now, my backend is speaking to
>> proxy on https on port 10443, but eventually it will be http on port 10443.
>
> What's in the global and http server error log?
> Which version of nginx do you use?
>
> Best regards
> Aleks
>
>> http
>>
>> {
>>
>>    server
>>
>>    {
>>
>>     listen 10443;
>>
>>     ssl on;
>>
>>  
>>
>>      access_log /var/log/nginx/ssl-access.log;
>>
>>      error_log /var/log/nginx/ssl-error.log;
>>
>>  
>>
>>      location /
>>
>>      {
>>
>>         #chunked_transfer_encoding on;
>>
>>         proxy_buffering off;
>>
>>         proxy_pass https://MYSERVER:10443;
>>
>>         proxy_set_header Host $host;
>>
>>         proxy_set_header X-Real-IP $remote_addr;
>>
>>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>
>>         proxy_set_header X-Forwarded-Proto $scheme;
>>
>>         #proxy_redirect off;
>>
>>         #proxy_ssl_session_reuse off;
>>
>>      }
>>
>>  
>>
>>      ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>>
>>      ssl_session_timeout 10m;
>>
>>      keepalive_timeout 60;
>>
>>      ssl_session_cache builtin:1000 shared:SSL:10m;
>>
>>      ssl_ciphers
>> HIGH:!aNULL:!aNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
>>
>>      ssl_prefer_server_ciphers on;
>>
>>      ssl_certificate  /etc/nginx/certs/endpoint/nginx.cer;
>>
>>      ssl_certificate_key /etc/nginx/certs/endpoint/nginx_d.key;
>>
>>  
>>
>>      #ssl_client_certificate /etc/nginx/certs/endpoint/nginx.cer;
>>
>>      #ssl_verify_client off;
>>
>>      #ssl_verify_depth 2;
>>
>>  
>>
>>    }
>>
>> }
>>

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login