Ssl problems

Hi List

I inherited the following setup:

nginx reverse caching proxy load balancing to two real servers. I am
trying to get SSL working.

Here is my config:

++++++++++++++++++++++++++++++++++++++++++++
upstream ssl-apache_cluster {
server 10.0.0.3:443;
server 10.0.0.6:443;
fair;
}

server {
listen 196.37.50.51:443;
client_max_body_size 5M;
client_body_buffer_size 128k;
server_name######################;
access_log /var/log/nginx/##########.access.log;

    ssl on;
    ssl_certificate      /etc/nginx/ssl/#########.crt;
    ssl_certificate_key  /etc/nginx/ssl/domain.key;
    ssl_session_cache shared:SSL:10m;

location / {
access_log off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_pass https://ssl-apache_cluster;
}
location ~*
.(jpg|jpeg|peg|PEG|gif|png|bmp|flv|pdf|ps|doc|mp3|wmv|wma|wav|swf|JPG|BMP|GIF|PNG|JPEG|ogg|mpg|mpeg|mpg4|zip|bz2|rar|xls|docx|avi|djvu|mp4|rtf|ico)$
{
root /var/www/jmredev;
expires 60;
slowfs_cache fastcache;
slowfs_cache_key $uri;
slowfs_cache_valid 7d;
access_log off;
}

    location ~* \.(css|js)$ {
            root /var/www/jmredev;
            expires 60;
            slowfs_cache        fastcache;
            slowfs_cache_key    $uri;
            slowfs_cache_valid  5m;
           access_log        off;
    }

location ~* .(mjs|mcss)$ {
set $domain www.j########; # Change this to your site’s
domain name
set $root_fcgi /var/www/fastcache/; # Change this to the public
root
folder of your site
set $root_cache /var/cache/nginx/minified; # Change this to a
folder in which to cache the minified files
set $min_dir /usr/local/nginx/minify/min; # Change this
folder
to wherever you put the Minify files

include fastcgi_params;
fastcgi_param SITE_ROOT $root_fcgi;
fastcgi_param SCRIPT_FILENAME $min_dir/minifier.php;
fastcgi_param PATH_INFO minifier.php;
fastcgi_param SERVER_NAME $domain;
fastcgi_param CACHE_DIR $root_cache;

root $root_cache;

expires max;

gzip_static on; # You will need to have installed Nginx using the
–with-http_gzip_static_module flag for this to work
gzip_http_version 1.1;
gzip_proxied expired no-cache no-store private auth;
gzip_disable “MSIE [1-6].”;
gzip_vary on;

If there is not already a cached copy, create one

if (!-f $request_filename) {
root $root_fcgi;
fastcgi_pass 127.0.0.1:9000;
}
}

    location ^~ /blog/sites/default/files/ {
            proxy_redirect  off;

            access_log        off;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For 

$proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://ssl-apache_cluster;
}

}

===========================================================================

When I try and start NGINX I get the following error:

reloading nginx configuration: nginx: [emerg] unknown directive “ssl” in
/etc/nginx/sites-enabled/j#########l_ssl:21

And this error in the browser:

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

I am running Ubuntu server 10.04.2 LTS and NGINX 10.0.3

Many thanks

Lawrence

On 3/11/12 8:38 AM, Lawrence Strydom wrote:

upstream ssl-apache_cluster {
access_log /var/log/nginx/##########.access.log;
proxy_set_header X-Forwarded-Server $host;
slowfs_cache fastcache;
slowfs_cache_valid 5m;
folder in which to cache the minified files
root $root_cache;

If there is not already a cached copy, create one

            access_log        off;

===========================================================================

When I try and start NGINX I get the following error:

reloading nginx configuration: nginx: [emerg] unknown directive “ssl” in
/etc/nginx/sites-enabled/j#########l_ssl:21

Most likely nginx is built without ssl.

What’s the output of nginx -V ?

Many thanks

Lawrence


Jim O.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs