Welcome! Log In Create A New Profile

Advanced

Re: Reverse Proxy 502 Bad Gateway

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
March 03, 2023 03:46PM
Hello!

On Fri, Mar 03, 2023 at 04:33:25PM +0100, Hans Müller wrote:

> Hello,
> I am working in a proxmox environment, setting up a ngnix reverse proxy
> (192.168.178.103) forwarding requests via https to a nginx backend
> server (192.168.178.105). On the backend server shellinabox is
> installed. Request from the internet are secured via a Letsentcrypt
> certificate. For the encryption to the backend server I use a
> self-signed certificate.
> When I want to open the next-shell.example.com I get an 502 Bad Gateway
> error
> On the reverse proxy are the following configs
> HttpGateway

[...]

> location / {
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_ssl_certificate /etc/selfcerts/stern-example-cert-chain.pem;
> proxy_ssl_certificate_key /etc/selfcerts/stern-example-key.pem;
> proxy_ssl_verify off;
> proxy_pass [1]https://192.168.178.105:4200;

Note you are proxying using the "https" protocol.

[...]

> On the backend server there is the following config
> next-shell.example.com
> server {
> listen 192.168.178.105:4200;
> server_name next-shell.example.com;

But the backend is not configured to use SSL on the socket (or at
least this is not something visible from the configuration
provided). Note no "ssl" parameter on the listen directive.

[...]

> When I try to open the page there is this error in the nginx error log
> {{{
> [error] 1103#1103: *1 SSL_do_handshake() failed (SSL:
> error:0A00010B:SSL routines::wrong version
> number) while SSL handshaking to upstream, client: 95.116.52.151,
> server: next-shell.example.com, request: "GET /f
> avicon.ico HTTP/2.0", upstream:
> "[3]https://192.168.178.105:4200/favicon.ico", host:
> "next-shell.example.com"
> }}}
>
> Any idea, what I can do here?

The error is somewhat expected: you are trying to connect to
non-SSL port using SSL, and this is expected to fail.

You should either configure SSL on the backend, or change proxying
to use the "http" protocol instead.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Reverse Proxy 502 Bad Gateway

Hans345 March 03, 2023 10:34AM

Re: Reverse Proxy 502 Bad Gateway

Maxim Dounin March 03, 2023 03:46PM

Aw: Re: Reverse Proxy 502 Bad Gateway

Hans345 March 04, 2023 11:30AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

pamplemousse
Guests: 242
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready