Nginx plus with ssl on TCP load balance not work

Hi,

I'm using nginx plus with ssl on TCP load balance, configured like the
documentation, but it does not work. (All the IPs below are not the real IPs.)
I have web servers behind it, I want to use ssl offloading, and I chose
TCP load balance: listen on 443 and proxy to the web servers' port 80.

Page access always reports ERR_TOO_MANY_REDIRECTS.

Error log:
2015/06/11 03:00:32 [error] 8362#0: *361 upstream timed out (110: Connection timed out) while connecting to upstream, client: 10.0.0.1, server: 0.0.0.0:443, upstream: "10.0.0.2:443", bytes from/to client:656/0, bytes from/to upstream:0/0

10.0.0.2, this IP is the nginx IP, why is it used as upstream?

The configuration is like this, with the real IPs removed:

server {
    # plain TCP listener, proxied to the backend group
    listen 80 so_keepalive=30m::10;
    proxy_pass backend;
    proxy_upstream_buffer 2048k;
    proxy_downstream_buffer 2048k;
}

server {
    # TLS is terminated here; the decrypted stream goes to the backends on port 80
    listen 443 ssl;
    proxy_pass backend;
    #proxy_upstream_buffer 2048k;
    #proxy_downstream_buffer 2048k;
    ssl_certificate ssl/chained.crt;
    #ssl_certificate ssl/4582cfef411bb.crt;
    ssl_certificate_key ssl/zoomus20140410.key;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_handshake_timeout 3s;
    #ssl_session_cache shared:SSL:20m;
    #ssl_session_timeout 4h;
}

upstream backend {
    server *.*.*.*:80;
    server *.*.*.*:80;
}

nginx -v
nginx version: nginx/1.7.11 (nginx-plus-r6-p1)

And I'm using Amazon Linux
uname -a
Linux ip-... 3.14.35-28.38.amzn1.x86_64 #1 SMP Wed Mar 11 22:50:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

BTW, how do I set an access log for TCP?

Posted at Nginx Forum:

Hi,

Could you provide the full config of the nginx/stream balancer?

On 11 Jun 2015, at 09:29, huakaibird [email protected] wrote:

nginx mailing list
[email protected]
nginx Info Page


Roman A.

What about the 80 port of the stream balancer?
Does it proxy the connection normally?

PS: no access log is supported in the stream module.
Connection information (addresses etc) is logged to error
log with the info loglevel.

On 11 Jun 2015, at 10:49, smith [email protected] wrote:


Roman A.
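
Added example (not from the thread or from the nginx project): a small parser for stream error-log lines of the form quoted in the original post. It flags the condition the poster noticed, an upstream address that is the balancer's own. The set of local addresses passed to `findings` is an assumption supplied by the operator, and the sample is the thread's line joined onto one line.

```python
import re

# Constructed input: the error line quoted in the thread, joined onto one line.
SAMPLE = ('2015/06/11 03:00:32 [error] 8362#0: *361 upstream timed out '
          '(110: Connection timed out) while connecting to upstream, '
          'client: 10.0.0.1, server: 0.0.0.0:443, upstream: "10.0.0.2:443", '
          'bytes from/to client:656/0, bytes from/to upstream:0/0')

LINE_RE = re.compile(
    r'^(?P<time>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] '
    r'\d+#\d+: \*(?P<conn>\d+) (?P<msg>.*?)'
    r', client: (?P<client>[^,]+), server: (?P<server>[^,]+)'
    r'(?:, upstream: "(?P<upstream>[^"]+)")?'
    r'(?:, bytes from/to client:(?P<c_rx>\d+)/(?P<c_tx>\d+))?'
    r'(?:, bytes from/to upstream:(?P<u_rx>\d+)/(?P<u_tx>\d+))?\s*$')


def split_hostport(addr):
    """Split 'host:port'; port is None for addresses without one (unix sockets)."""
    host, sep, port = addr.rpartition(':')
    return (host, int(port)) if sep and port.isdigit() else (addr, None)


def parse_stream_error(line):
    """Return the fields of one stream error-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ('c_rx', 'c_tx', 'u_rx', 'u_tx'):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def findings(rec, local_addrs):
    """List what looks wrong in one record; local_addrs = the balancer's own IPs."""
    out = []
    if rec['upstream']:
        up_host, up_port = split_hostport(rec['upstream'])
        _, listen_port = split_hostport(rec['server'])
        if up_host in local_addrs:
            out.append('upstream is the balancer itself')
        if up_port is not None and up_port == listen_port:
            out.append('upstream port equals listen port')
    if rec['u_rx'] == 0 and rec['u_tx'] == 0:
        out.append('no bytes exchanged with upstream')
    return out


if __name__ == '__main__':
    print(findings(parse_stream_error(SAMPLE), {'10.0.0.2'}))
```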

Nginx.conf:

user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    use epoll;
    worker_connections 65535;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

stream {
    include /etc/nginx/xxxx.d/*.conf;
}

And the content in the previous email is in xxxx.d/xxxx.conf

There is no file under /etc/nginx/conf.d

Thanks.


The 80 is normal


The 80 is normal, and I tried using http ssl, which also works. I don't know why
TCP does not work.
