I am trying to configure nginx to work as a proxy to a remote server. The connection must be secured by TLSv1.2.
This is my nginx version/config:
# nginx -V
nginx version: nginx/1.13.9
built with OpenSSL 1.0.2p 14 Aug 2018
TLS SNI support enabled
configure arguments: --crossbuild=Linux:arm --with-endian=little --with-int=4 --with-long=4 --with-long-long=8 --with-ptr-size=4 --with-sig-atomic-t=4 --with-size-t=4 --with-off-t=4 --with-time-t=4 --with-sys-nerr=132 --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --pid-path=/run/nginx/nginx.pid --prefix=/usr --with-http_ssl_module --with-http_gzip_static_module --with-http_sub_module --with-stream --with-stream_ssl_module
Then I test using netcat. Send a message of 12 bytes, and expect 12 bytes to be returned. It looks like the connection is established, tx is ok, but zero bytes are received. Note: The same setup works using stunnel.
Here is the log:
echo -n -e "\x02\x04\x00\x77\x03\x00\x62\x01\x31\x37\x8e\x03" | nc 10.28.151.113 8000
log:
2020/06/04 13:16:42 [info] 7254#0: *23 client 10.28.151.113:50234 connected to 0.0.0.0:8000
2020/06/04 13:16:42 [info] 7254#0: *23 proxy 10.28.151.113:59176 connected to 10.28.151.188:8000
2020/06/04 13:16:42 [info] 7254#0: *23 client disconnected, bytes from/to client:12/0, bytes from/to upstream:0/12
nginx stream conf block:
stream {
upstream nwgt1 {
server 10.28.151.188:8000;
}
server {
listen 8000;
proxy_pass nwgt1;
proxy_ssl on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_trusted_certificate /media/appfs/etc/ssl/ca-nwgt.crt;
proxy_ssl_name *.GVR_Local.net;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
}
}
Using tcpdump I can see encrypted traffic between the hosts.
I tried to enable debug log level, but it did not reveal anything...
Any pointers to what I am missing? How to diagnose further?
Thanks!
Lars