Hello!
We are running some applications servers (grails) and using nginx as
reverse
proxy before that for caching and load balancing purposes.
everything is working as expected, but now that we received our ssl
certificate, i am failing to route the ssl requests over nginx (i did
understand that i could tell nginx the certificate and then serve the
content of the http only servers in backend via ssl “frontend”).
here is my server block:
upstream foobar {
ip_hash;
server 127.0.0.1:9099;
}
server {
server_name .foobar.lu
listen 443 default_server ssl;
listen 80;
access_log /.zis/logs/access.log;
ssl_certificate /.zis/cert/foobar_lu.crt;
ssl_certificate_key /.zis/cert/foobar.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
location ~* ^/(login|admin|account).*$ {
if ($scheme = "http") {
rewrite ^ https://www.foobar.lu$request_uri permanent;
}
proxy_pass http://foobar;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_redirect off;
}
[.. non-ssl caching stuff..]
}
accessing the page via httpsyields to ERR_CONNECTION_REFUSED and nestat
offers me no-one listening on 443:
root@foo:/home/jeremy# netstat -nl | grep :4
tcp 0 0 0.0.0.0:4242 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:4243 0.0.0.0:*
LISTEN
root@foo:/home/jeremy# netstat -nl | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:*
LISTEN
Is there something special about ssl i did not configure right maybe? I
tried splitting 80 and 443 in separate server blocks but no luck so far.
Any help would be highly appreciated, thanks in advance, Andreas
Posted at Nginx Forum: