I seem to be having a problem with the secure reverse proxy. I have a "Synology Disk Station" that hosts Apache virtual servers with one being an administration web panel, and the other "https://192.168.2.2/photo" being a photo/blogging site.
I have googled around and looked at the NGINX forum and have found no solution to this problem or as to what is causing it. When I first launch nginx everything seems to work fine as expected, but after X amount of time testing (clearing client cache and using other browsers) I start intermittently getting "502 Bad Gateway" errors from Nginx. Both Nginx and Synology use a self-signed certificate. I have done a wireshark packet dump from Nginx and decrypted the packets via the server's private key, and the only thing I noticed was 302 Not modified headers and the SSL Alerts with Key renegotiation.
My network setup can be described as bellow:
192.168.2.2 [Synology (Apache)] <-> 192.168.2.151 [Nginx] <-> External [Client]
My router is setup to serve only HTTPS 443 connections from my LAN to external.
Versions:
nginx version: nginx/0.7.65 on Ubuntu 10.04.1 LTS (lucid)
Server version: Apache/2.2.16 (Unix)
[Nginx Config]
server {
listen 443;
ssl on;
server_name home.fractalengine.com;
##LOG
access_log /var/log/nginx/localhost.access.log;
##SSL Params
ssl_certificate ssl/storage.in.crt;
ssl_certificate_key ssl/storage.key;
keepalive_timeout 60;
ssl_verify_client off;
ssl_session_cache off;
location / {
proxy_pass https://192.168.2.2;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
}
location /doc {
root /usr/share;
autoindex on;
allow 127.0.0.1;
deny all;
}
location /images {
root /usr/share;
autoindex on;
}
[NGINX ERROR Log]
2010/10/22 17:23:24 [error] 5206#0: *501 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 69.xx.xxx.x, server: home.myDomain.com, request: "GET /blog/modules/friend_link.js HTTP/1.1", upstream: "https://192.168.2.2:443/blog/modules/friend_link.js", host: "home.myDomain.com", referrer: "https://home.myDomain.com/blog/admin_index.php"
2010/10/22 17:23:24 [error] 5206#0: *506 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 69.xx.xxx.x, server: home.myDomain.com, request: "GET /blog/modules/label_cloud.js HTTP/1.1", upstream: "https://192.168.2.2:443/blog/modules/label_cloud.js", host: "home.myDomain.com", referrer: "https://home.myDomain.com/blog/admin_index.php"
2010/10/22 17:23:24 [error] 5206#0: *504 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 69.xx.xxx.x, server: home.myDomain.com, request: "GET /blog/modules/statistical_data.js HTTP/1.1", upstream: "https://192.168.2.2:443/blog/modules/statistical_data.js", host: "home.myDomain.com", referrer: "https://home.myDomain.com/blog/admin_index.php"
2010/10/22 17:23:24 [error] 5206#0: *507 SSL_do_handshake() failed (SSL: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed) while SSL handshaking to upstream, client: 69.xx.xxx.x, server: home.myDomain.com, request: "GET /blog/modules/recent_article.js HTTP/1.1", upstream: "https://192.168.2.2:443/blog/modules/recent_article.js", host: "home.myDomain.com", referrer: "https://home.myDomain.com/blog/admin_index.php"
Again the weird thing is it stops working after X amount of time testing. I'm starting to think it has something to do with the connection timeout from Nginx to Apache?? Or maybe something with the Cache?
Any help would be greatly appreciated!
Thanks!
