Welcome! Log In Create A New Profile

Advanced

Exploring Nginx features for my client Cloud requirement

Posted by siva.pannier 
Forum List Message List New Topic
siva.pannier
Exploring Nginx features for my client Cloud requirement
June 19, 2020 02:50AM
Hi there,

I am exploring the features of Nginx features and doing a POC with all the possible use cases. If all goes well, probably there would be a huge investment on the Nginx to use it our cloud based architecture.

Currently exploring an option on TCP SSL termination on Nginx for a SSL connection from Java JDBC client. Facing issues, any guidance would be speed up my POC and complete it.

I'm using nginx on Windows 10 and using the opensource version.

Error.log:
###################
2020/06/19 11:51:51 [debug] 12568#16420: timer delta: 17
2020/06/19 11:51:51 [debug] 12568#16420: posted event 03004310
2020/06/19 11:51:51 [debug] 12568#16420: *1 delete posted event 03004310
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL handshake handler: 0
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_do_handshake: -1
2020/06/19 11:51:51 [debug] 12568#16420: *1 SSL_get_error: 5
2020/06/19 11:51:51 [info] 12568#16420: *1 peer closed connection in SSL handshake while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:1592
2020/06/19 11:51:51 [debug] 12568#16420: *1 finalize stream session: 500
2020/06/19 11:51:51 [debug] 12568#16420: *1 stream log handler
2020/06/19 11:51:51 [debug] 12568#16420: *1 close stream connection: 368
2020/06/19 11:51:51 [debug] 12568#16420: *1 event timer del: 368: 3409871779
2020/06/19 11:51:51 [debug] 12568#16420: *1 select del event fd:368 ev:768

Error from JDBC Client:
###################
.....
.....
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
SQL State: 08006
IO Error: The Network Adapter could not establish the connection

Java code:
###################
....
....
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=1592))(CONNECT_DATA=(SERVICE_NAME=xe)))";
String user="sys as sysdba";
String pwd="1234";

Properties props = new Properties();
props.setProperty("url", url);
props.setProperty("user", user);
props.setProperty("password", pwd);
props.setProperty("oracle.net.ssl_cipher_suites", "(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256)");
.....
.....
try (Connection conn=DriverManager.getConnection(url,props)) { //failing on this line of code
....
....

Nginx.conf:
###################

upstream db_backend {
server localhost:1521; #Local database server which is not SSL enabled.
}

server {
listen 1592 ssl;
listen [::]:1592 ssl;
proxy_pass db_backend;

ssl_certificate C:/Users/SivaPannier/Documents/Siva/IBM/Software/openSSL/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key C:/Users/SivaPannier/Documents/Siva/IBM/Software/openSSL/ssl/nginx-selfsigned.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 4h;
ssl_handshake_timeout 30s;
}



Thanks,
Siva P
Reply Quote
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 290
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready