Hey,
I have a local setup of NGINX on Windows acting as a HTTPS proxy to another local HTTPS UI (i'm testing out some configuration, these will be on remote servers in due course), however, despite the configuration it appears to be downgrading the upstream connection to HTTP which then fails and results in a HTTP 502 (Bad Gateway), confirmed via browser network logs that the 502 is an immediate response to the initial request.
Anyone have any thoughts on why it would be downgrading?
BTW: I know there will be more configuration required in due course (e.g. proxy_redirect) for now i'm trying to sort out the basic connectivity.
Details below ............... Note that the upstream URL in the log extract has been downgraded to HTTP rather than using HTTPS per the configuration. I've also tried disabling ssl session reuse, increasing timeouts and explicitly configuring a trusted cert - all to no avail.
UI URL : https://locahost:9443/publisher/
* confirmed as accessible - normally returns a 302 Redirect
* using a generated certificate
NGINX Configuration :
* using a generated certificate
server {
listen 443 ssl;
server_name localhost;
ssl_certificate nginx.pem;
ssl_certificate_key nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /gateway-pub/ {
proxy_pass https://localhost:9443/publisher/;
proxy_set_header Host localhost:9443;
proxy_ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
proxy_ssl_verify off;
}
}
NGINX error.log while accessing https://localhost/gateway-pub/ :
2017/08/11 11:54:28 [error] 15920#10248: *109 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /gateway-pub/ HTTP/1.1", upstream: "http://[::1]:9443/publisher/", host: "localhost"
2017/08/11 11:54:28 [error] 15920#10248: *109 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /gateway-pub/ HTTP/1.1", upstream: "http://127.0.0.1:9443/publisher/", host: "localhost"
(no warnings/errors reported on loading the configuration and no additional information, or anything seemingly relevant, with increased logging when the above error is reported)
