How to allow apache to control SSL traffic?

Hello list,

My apache vhosts are configured to take care of SSL connections. I have
installed nginix as http accelerator. How can I instruct nginx to pass
all
SSL request to apache SSL vhost ?

Thanks

Hello,

I like to mention the following error from nginx log

*453 SSL_do_handshake() failed (SSL: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking
to
upstream

though the ssl is working fine with apache along (after proper
modification
in apache vhost ) when nginx is down.

Any clue please ?

Thanks

On Mon, Apr 21, 2014 at 11:31 AM, Joydeep Bakshi <

On 21 Apr 2014 07:01, “Joydeep Bakshi” [email protected]
wrote:

Hello list,

My apache vhosts are configured to take care of SSL connections. I have
installed nginix as http accelerator. How can I instruct nginx to pass
all
SSL request to apache SSL vhost ?

Most simply, try stopping nginx listening on port 443 and make apache
listen on 443.

If you want more advanced suggestions than that, you’ll probably have to
explain what you’re trying to do in more detail.

J

Hello Jonathan,

thanks for your response. Here is the details what I have done so far.

SSL configuration for nginx is as below

server {

listen 443 ssl;
server_name example.com http://example2.com;
gzip on; # Turn on gZip
gzip_disable msie6;
gzip_static on;
gzip_comp_level 9;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml
application/xml application/xml+rss text/javascript;

ssl_certificate /etc/apache2/myca/server.crt;
ssl_certificate_key /etc/apache2/myca/ssl.key;

ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
proxy_redirect off; # Do not redirect this proxy - It needs to be
pass-through
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Server-Address $server_addr;
proxy_pass_header Set-Cookie;
proxy_pass https://127.0.0.1:4443;

}
}

accordingly apache has

Listen 4443
VirtualHostexample.com:4443

General setup for the virtual host

DocumentRoot /srv/www/htdocs/xxx

SSLEngine on
#Here, I am allowing only “high” and “medium” security key lengths.
SSLCipherSuite HIGH:MEDIUM
#Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.
SSLProtocol all -SSLv2
#Server Certificate:
SSLCertificateFile /etc/apache2/myca/server.crt
#Server Private Key:
SSLCertificateKeyFile /etc/apache2/myca/ssl.key

Server Certificate Chain

SSLCertificateChainFile /etc/apache2/myca/ssl.crt

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

DirectoryIndex index.php

<Directory “/srv/www/htdocs/xxxi/”>
Options Indexes FollowSymLinks MultiViews
AllowOverride ALL
Options None
Order allow,deny
Allow from all

but when try to access SSL , nginx error.log shows

*453 SSL_do_handshake() failed (SSL: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking
to
upstream

Hope the info help

Thanks

On Mon, Apr 21, 2014 at 2:18 PM, Jonathan M.

Hello Jonathan,

thanks for your response. Here is the details what I have done so far.

SSL configuration for nginx is as below

server {

listen 443 ssl;
server_name example.com http://example2.com;
gzip on; # Turn on gZip
gzip_disable msie6;
gzip_static on;
gzip_comp_level 9;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml
application/xml application/xml+rss text/javascript;

ssl_certificate /etc/apache2/myca/server.crt;
ssl_certificate_key /etc/apache2/myca/ssl.key;

ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
proxy_redirect off; # Do not redirect this proxy - It needs to be
pass-through
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Server-Address $server_addr;
proxy_pass_header Set-Cookie;
proxy_pass https://127.0.0.1:4443;

}
}

accordingly apache has

Listen 4443

General setup for the virtual host

DocumentRoot /srv/www/htdocs/xxx

SSLEngine on
#Here, I am allowing only “high” and “medium” security key lengths.
SSLCipherSuite HIGH:MEDIUM
#Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.
SSLProtocol all -SSLv2
#Server Certificate:
SSLCertificateFile /etc/apache2/myca/server.crt
#Server Private Key:
SSLCertificateKeyFile /etc/apache2/myca/ssl.key

Server Certificate Chain

SSLCertificateChainFile /etc/apache2/myca/ssl.crt

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

DirectoryIndex index.php

<Directory “/srv/www/htdocs/xxxi/”>
Options Indexes FollowSymLinks MultiViews
AllowOverride ALL
Options None
Order allow,deny
Allow from all

but when try to access SSL , nginx error.log shows

*453 SSL_do_handshake() failed (SSL: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking
to
upstream

Hope the info help

Thanks

On Mon, Apr 21, 2014 at 2:18 PM, Jonathan M.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs