Welcome! Log In Create A New Profile

Re: how to allow apache to control SSL traffic ?

Forum List Message List New Topic Print View

Joydeep Bakshi

April 21, 2014 05:32AM

Hello Jonathan,

thanks for your response. Here is the details what I have done so far.

SSL configuration for nginx is as below

server {

listen 443 ssl;
server_name example.com http://example2.com;
gzip on; # Turn on gZip
gzip_disable msie6;
gzip_static on;
gzip_comp_level 9;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml
application/xml application/xml+rss text/javascript;

ssl_certificate /etc/apache2/myca/server.crt;
ssl_certificate_key /etc/apache2/myca/ssl.key;

ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
proxy_redirect off; # Do not redirect this proxy - It needs to be
pass-through
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Server-Address $server_addr;
proxy_pass_header Set-Cookie;
proxy_pass https://127.0.0.1:4443;

}
}

accordingly apache has

Listen 4443
<VirtualHost example.com:4443>
# General setup for the virtual host

DocumentRoot /srv/www/htdocs/xxx

SSLEngine on
#Here, I am allowing only "high" and "medium" security key lengths.
SSLCipherSuite HIGH:MEDIUM
#Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.
SSLProtocol all -SSLv2
#Server Certificate:
SSLCertificateFile /etc/apache2/myca/server.crt
#Server Private Key:
SSLCertificateKeyFile /etc/apache2/myca/ssl.key
# Server Certificate Chain
SSLCertificateChainFile /etc/apache2/myca/ssl.crt

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

DirectoryIndex index.php

<Directory "/srv/www/htdocs/xxxi/">
Options Indexes FollowSymLinks MultiViews
AllowOverride ALL
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

but when try to access SSL , nginx error.log shows

*453 SSL_do_handshake() failed (SSL: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to
upstream

Hope the info help

Thanks

On Mon, Apr 21, 2014 at 2:18 PM, Jonathan Matthews
<contact@jpluscplusm.com>wrote:

> On 21 Apr 2014 07:01, "Joydeep Bakshi" <joydeep.bakshi@netzrezepte.de>
> wrote:
> >
> > Hello list,
> >
> > My apache vhosts are configured to take care of SSL connections. I have
> installed nginix as http accelerator. How can I instruct nginx to pass all
> SSL request to apache SSL vhost ?
>
> Most simply, try stopping nginx listening on port 443 and make apache
> listen on 443.
>
> If you want more advanced suggestions than that, you'll probably have to
> explain what you're trying to do in more detail.
>
> J
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
how to allow apache to control SSL traffic ?	Joydeep Bakshi	April 21, 2014 02:02AM
Re: how to allow apache to control SSL traffic ?	Joydeep Bakshi	April 21, 2014 04:20AM
Re: how to allow apache to control SSL traffic ?	Jonathan Matthews	April 21, 2014 04:50AM
Re: how to allow apache to control SSL traffic ?	Joydeep Bakshi	April 21, 2014 05:32AM
Re: how to allow apache to control SSL traffic ?	Joydeep Bakshi	April 21, 2014 05:38AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 153

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018