Some problem with SSL on 0.6.31, same config works on 0.5.35

SSL times out or gives blank page…
What has changed from 0.5.35 to 0.6.31 for ssl support?

Log file shows:
2008/06/18 09:24:04 [error] 21382#0: *33 upstream timed out (110:
Connection timed out) while reading upstream, client: x.x.x.x, server:
blah.com, request: “GET /favicon.ico HTTP/1.1”, upstream:
https://2.2.2.2:443/favicon.ico”, host: “1.1.1.1”

It shows this on every SSL request to the backend.

Configuration ::

user www www;

worker_processes 16;
error_log logs/error.log;
worker_rlimit_nofile 65000;

events
{

    worker_connections 40000;

}

http
{
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
output_buffers 8 256k;
server_tokens off;
ssl_verify_client off;
ssl_session_timeout 5m;

cache_max_size 24;

    gzip on;

gzip_min_length 1100;

    gzip_buffers 4 8k;

gzip_types text/plain text/html text/xhtml text/css text/js;

    proxy_buffering on;
    proxy_buffer_size 1024k;
    proxy_buffers 16 512k;
    proxy_busy_buffers_size 4096k;
    proxy_temp_file_write_size 1024k;
    proxy_intercept_errors on;
    client_body_buffer_size 2048k;

    server
    {
            listen 1.1.1.1:443;
            ssl on;
            ssl_certificate         /usr/local/nginx/conf/1234.crt;
            ssl_certificate_key     /usr/local/nginx/conf/1234.key;
            location /
            {
                    proxy_pass https://2.2.2.2;
                    proxy_redirect https://2.2.2.2/

http://$http_host/;
proxy_redirect default;
proxy_set_header Host
$host;
proxy_set_header X-Real-IP
$remote_addr;
proxy_set_header X-Forwarded-For
$remote_addr;
proxy_set_header X-FORWARDED_PROTO https;
}
}

}

On Wed, Jun 18, 2008 at 11:13:39AM -0400, Paul wrote:

SSL times out or gives blank page…
What has changed from 0.5.35 to 0.6.31 for ssl support?

Log file shows:
2008/06/18 09:24:04 [error] 21382#0: *33 upstream timed out (110:
Connection timed out) while reading upstream, client: x.x.x.x, server:
blah.com, request: “GET /favicon.ico HTTP/1.1”, upstream:
https://2.2.2.2:443/favicon.ico”, host: “1.1.1.1”

It shows this on every SSL request to the backend.

This bug had appeared in 0.6.9.
It seems no one uses proxy_pass https:// in 0.6.x.
The attached patch should fix the bug.

On Wed, Jun 18, 2008 at 11:23:46PM +0400, Igor S. wrote:

It shows this on every SSL request to the backend.

This bug had appeared in 0.6.9.
It seems no one uses proxy_pass https:// in 0.6.x.
The attached patch should fix the bug.

The updated patch.

I have seen this previously, some apps want a proxy_pass with http,
other want https.

On Wed, Jun 18, 2008 at 06:53:55PM -0400, Paul wrote:

Thank you… :]
If no one use proxy_pass https:// on 0.6 then what do they use? :slight_smile:

0.5.x, as you :slight_smile:

Thank you… :]
If no one use proxy_pass https:// on 0.6 then what do they use? :slight_smile:

LOL! Thank you Igor :slight_smile: