Sunday, August 20, 2017

ssl - Nginx upstream block nondefault port

experts.



I am trying to configure nginx/1.10.0 for upstream to 2 https web servers on non standart port with ssl termination.



Here is my current website setup in sites-available/



upstream backend {
        ip_hash;
        server 172.31.16.1:8444;
        server 172.31.16.2:8444;

}
server {
        listen 80;
        listen 443 ssl;
        listen 8444 ssl;
        ssl on;
        server_name backend_1;
        access_log /var/log/nginx/access.log;
        error_log  /var/log/nginx/error.log;
        ssl_session_cache shared:SSL:5m;


#--------ssl certificates for fronend------------#
        ssl_certificate /etc/nginx/ssl/nginxSvr.crt;
        ssl_certificate_key /etc/nginx/ssl/nginxSvr.key;
        ssl_verify_client off;

        location / {
        proxy_pass https://172.31.16.1;
#       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_ssl_certificate /etc/nginx/ssl/IPSUMCUICA.crt;

        proxy_ssl_certificate_key /etc/nginx/ssl/IPSUMCUICA.key;
        proxy_ssl_session_reuse off;
        }


It works without using upstream section.
But when I change proxy_pass to proxy_pass https://backend; I got an error 404, and https://backend:8444 in browser.



Apparently it tried to resolve this name and failed, probably after some error but error log is empty in this case.
All suggestions are welcome. Thank you.

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...