Two problems with proxy_pass and upstream

I am trying to proxy traffic to a pair of apache web servers using nginx
with proxy_pass and upstream. All works well for port 80, even given
that the apache server is using NameVirtualHost and has a half-dozen
sites on it. All fine.

The problems I have are for traffic going to port 443 (SSL) and 9090
(this is a java app).

SSL traffic results in the following error:
Secure Connection Failed
An error occurred during a connection to www.gcnpublishing.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The page you are trying to view can not be shown because the
authenticity of the received data could not be verified.

  • Please contact the web site owners to inform them of this problem.

Traffic to: http://www.gcnpublishing.com:9090/ results in:
The requested URL /login.jsp was not found on this server.
Apache/2.0.52 (CentOS) Server at www.gcnpublishing.com Port 80
And the URL is rewritten as:
http://www.gcnpublishing.com/login.jsp?url=%2Findex.jsp
Which is getting mangled. However if I enter:
http://www.gcnpublishing.com:9090/login.jsp?url=%2Findex.jsp
It seems to work. Somehow it’s getting re-written in correctly.

Here are my configs:
upstream gcn-chat {
server 74.201.38.2:9090 ;
server 74.201.39.2:9090 backup ;
}

server {
listen 74.201.40.2:9090 ;
server_name gcn-chat.gcnpublishing.com ;

location / {
proxy_pass http://gcn-chat ;
proxy_redirect off;
proxy_set_header Host $host ;
proxy_set_header X-Real-IP $remote_addr ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;

}

Load a bunch of stuff for proxying

include /etc/nginx/proxy.conf ;

}

upstream gcn-ssl {
server 74.201.38.2:443 ;
server 74.201.39.2:443 backup ;
}

server {
listen 74.201.40.2:443 ;
server_name www.gcnpublishing.com ;
ssl on ;
location / {
proxy_set_header X-FORWARDED_PROTO https;
proxy_pass https://gcn-ssl ;
include /etc/nginx/proxy.conf ;
}
} # server

upstream 74.201.40.2 {
server 74.201.38.2 ;
server 74.201.39.2 backup ;
}

   server {

listen 74.201.40.2:80;
server_name www.gcnpublishing.com ;
access_log logs/74.201.40.2-access_log ;

   location / {
   proxy_pass http://74.201.40.2$request_uri ;
   # proxy_pass http://$proxy_host:$proxy_port/ ;
   }

Load a bunch of stuff for proxying

   include /etc/nginx/proxy.conf ;

}

And /etc/nginx/proxy.conf

proxy.conf

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

Any suggestions or advice would be greatly appreciated.

sean


Sean F.
GCN Publishing, Inc.
Internet Design, Development and Consulting For Today’s Media Companies
http://www.gcnpublishing.com
(203) 665-6211, x203