Hello!
We are running some applications servers (grails) and using nginx as reverse proxy before that for caching and load balancing purposes.
everything is working as expected, but now that we received our ssl certificate, i am failing to route the ssl requests over nginx (i did understand that i could tell nginx the certificate and then serve the content of the http only servers in backend via ssl "frontend").
here is my server block:
[code]
upstream foobar {
ip_hash;
server 127.0.0.1:9099;
}
server {
server_name .foobar.lu
listen 443 default_server ssl;
listen 80;
access_log /.zis/logs/access.log;
ssl_certificate /.zis/cert/foobar_lu.crt;
ssl_certificate_key /.zis/cert/foobar.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
location ~* ^/(login|admin|account).*$ {
if ($scheme = "http") {
rewrite ^ https://www.foobar.lu$request_uri permanent;
}
proxy_pass http://foobar;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_redirect off;
}
[.. non-ssl caching stuff..]
}
[/code]
accessing the page via httpsyields to ERR_CONNECTION_REFUSED and nestat offers me no-one listening on 443:
root@foo:/home/jeremy# netstat -nl | grep :4
tcp 0 0 0.0.0.0:4242 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4243 0.0.0.0:* LISTEN
root@foo:/home/jeremy# netstat -nl | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
Is there something special about ssl i did not configure right maybe? I tried splitting 80 and 443 in separate server blocks but no luck so far.
Any help would be highly appreciated, thanks in advance, Andreas