Hello list,
My apache vhosts are configured to take care of SSL connections. I have
installed nginix as http accelerator. How can I instruct nginx to pass
all
SSL request to apache SSL vhost ?
Thanks
Hello list,
My apache vhosts are configured to take care of SSL connections. I have
installed nginix as http accelerator. How can I instruct nginx to pass
all
SSL request to apache SSL vhost ?
Thanks
Hello,
I like to mention the following error from nginx log
*453 SSL_do_handshake() failed (SSL: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking
to
upstream
though the ssl is working fine with apache along (after proper
modification
in apache vhost ) when nginx is down.
Any clue please ?
Thanks
On Mon, Apr 21, 2014 at 11:31 AM, Joydeep Bakshi <
On 21 Apr 2014 07:01, “Joydeep Bakshi” [email protected]
wrote:
Hello list,
My apache vhosts are configured to take care of SSL connections. I have
installed nginix as http accelerator. How can I instruct nginx to pass
all
SSL request to apache SSL vhost ?
Most simply, try stopping nginx listening on port 443 and make apache
listen on 443.
If you want more advanced suggestions than that, you’ll probably have to
explain what you’re trying to do in more detail.
J
Hello Jonathan,
thanks for your response. Here is the details what I have done so far.
SSL configuration for nginx is as below
server {
listen 443 ssl;
server_name example.com http://example2.com;
gzip on; # Turn on gZip
gzip_disable msie6;
gzip_static on;
gzip_comp_level 9;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml
application/xml application/xml+rss text/javascript;
ssl_certificate /etc/apache2/myca/server.crt;
ssl_certificate_key /etc/apache2/myca/ssl.key;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off; # Do not redirect this proxy - It needs to be
pass-through
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Server-Address $server_addr;
proxy_pass_header Set-Cookie;
proxy_pass https://127.0.0.1:4443;
}
}
accordingly apache has
Listen 4443
VirtualHostexample.com:4443
DocumentRoot /srv/www/htdocs/xxx
SSLEngine on
#Here, I am allowing only “high” and “medium” security key lengths.
SSLCipherSuite HIGH:MEDIUM
#Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.
SSLProtocol all -SSLv2
#Server Certificate:
SSLCertificateFile /etc/apache2/myca/server.crt
#Server Private Key:
SSLCertificateKeyFile /etc/apache2/myca/ssl.key
SSLCertificateChainFile /etc/apache2/myca/ssl.crt
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
DirectoryIndex index.php
<Directory “/srv/www/htdocs/xxxi/”>
Options Indexes FollowSymLinks MultiViews
AllowOverride ALL
Options None
Order allow,deny
Allow from all
but when try to access SSL , nginx error.log shows
*453 SSL_do_handshake() failed (SSL: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking
to
upstream
Hope the info help
Thanks
On Mon, Apr 21, 2014 at 2:18 PM, Jonathan M.
Hello Jonathan,
thanks for your response. Here is the details what I have done so far.
SSL configuration for nginx is as below
server {
listen 443 ssl;
server_name example.com http://example2.com;
gzip on; # Turn on gZip
gzip_disable msie6;
gzip_static on;
gzip_comp_level 9;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml
application/xml application/xml+rss text/javascript;
ssl_certificate /etc/apache2/myca/server.crt;
ssl_certificate_key /etc/apache2/myca/ssl.key;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off; # Do not redirect this proxy - It needs to be
pass-through
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Server-Address $server_addr;
proxy_pass_header Set-Cookie;
proxy_pass https://127.0.0.1:4443;
}
}
accordingly apache has
Listen 4443
DocumentRoot /srv/www/htdocs/xxx
SSLEngine on
#Here, I am allowing only “high” and “medium” security key lengths.
SSLCipherSuite HIGH:MEDIUM
#Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.
SSLProtocol all -SSLv2
#Server Certificate:
SSLCertificateFile /etc/apache2/myca/server.crt
#Server Private Key:
SSLCertificateKeyFile /etc/apache2/myca/ssl.key
SSLCertificateChainFile /etc/apache2/myca/ssl.crt
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
DirectoryIndex index.php
<Directory “/srv/www/htdocs/xxxi/”>
Options Indexes FollowSymLinks MultiViews
AllowOverride ALL
Options None
Order allow,deny
Allow from all
but when try to access SSL , nginx error.log shows
*453 SSL_do_handshake() failed (SSL: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking
to
upstream
Hope the info help
Thanks
On Mon, Apr 21, 2014 at 2:18 PM, Jonathan M.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs