I am getting this error:
Error frontend: 502 Bad gateway
99.110.244:443
2017/09/28 13:03:51 [error] 34080#34080: *1062 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 10.210.0.81, server: webshop.domain.be, request: "GET / HTTP/1.1", upstream: "https://10.1.10.61:443/", host: "webshop.domain.be"
Config:
# Zone voor connection logging
limit_conn_zone $binary_remote_addr zone=izSSL_webshop-api_CZ:10m;
# Zone voor rate logging
# Hoge rate limit. x r/s is soms wat snel
# 10 MB (10m) will give us enough space to store a history of 160k requests.
limit_req_zone $binary_remote_addr zone=izSSL_webshop-api_RZ:10m rate=20r/s;
upstream webshop_domain_be {
server webshop.domain.be:443;
}
server {
listen 443 ssl;
server_name webshop.domain.be webshop;
client_max_body_size 80M;
ssl_session_cache shared:webshopSSL:1m;
ssl_session_timeout 10m;
ssl_certificate /var/www/certs/webshop.domain.be/webshop.domain.be-chain.pem;
ssl_certificate_key /var/www/certs/webshop.domain.be/webshop.domain.be-key.pem;
ssl_verify_client off;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_ssl_session_reuse off;
proxy_pass $scheme://webshop_domain_be;
}
}
nginx version: nginx/1.10.3 (Ubuntu)
Other server (10.1.10.61) is an IIS Server with the same certificate as I'm using in this proxy (correct?). It's not an IIS problem; and the proxy server can reach 10.1.10.61 / port 443
Config based on https://serverfault.com/questions/583374/configure-nginx-as-reverse-proxy-with-upstream-ssl
I am using Let's Encrypt certificates.
proxy_ssl_server_name on;
to your proxy_pass block and see if it helps – Tarun Lalwaniwebshop.domain.be
? – Tarun Lalwaniwebshop.domain.be:443
to the actual ip. And useproxy_ssl_name "webshop.domain.be"
. If that doesn't work try addingproxy_ssl_server_name on;
as well – Tarun Lalwani