Nginx upstream to https host - ssl3_get_record:wrong version number
up vote
1
down vote
favorite
I am trying to proxy requests to a remote server, this is how I configure my Nginx
upstream myupstream {
server remote-hostname;
}
...
location ~ ^/(v1|v2|v3)/.*$ {
proxy_pass https://myupstream;
# also tried these options:
# proxy_ssl_server_name on;
# proxy_ssl_verify off;
# proxy_set_header Host <remote-hostname-here>;
# proxy_set_header X_FORWARDED_PROTO https;
}
As a result I see error 502 page and this record in error.log
2018/11/10 19:41:38 [error] 8410#8410: *1 SSL_do_handshake() failed
(SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number)
while SSL handshaking to upstream, client: 127.0.0.1, server: <my-web-host-here>,
request: "GET /v1/some/page HTTP/1.1",
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
host: "<my-web-host-here>"
What could cause this?
Note: This nginx proxy is on my local machine.
ssl nginx https
add a comment |
up vote
1
down vote
favorite
I am trying to proxy requests to a remote server, this is how I configure my Nginx
upstream myupstream {
server remote-hostname;
}
...
location ~ ^/(v1|v2|v3)/.*$ {
proxy_pass https://myupstream;
# also tried these options:
# proxy_ssl_server_name on;
# proxy_ssl_verify off;
# proxy_set_header Host <remote-hostname-here>;
# proxy_set_header X_FORWARDED_PROTO https;
}
As a result I see error 502 page and this record in error.log
2018/11/10 19:41:38 [error] 8410#8410: *1 SSL_do_handshake() failed
(SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number)
while SSL handshaking to upstream, client: 127.0.0.1, server: <my-web-host-here>,
request: "GET /v1/some/page HTTP/1.1",
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
host: "<my-web-host-here>"
What could cause this?
Note: This nginx proxy is on my local machine.
ssl nginx https
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I am trying to proxy requests to a remote server, this is how I configure my Nginx
upstream myupstream {
server remote-hostname;
}
...
location ~ ^/(v1|v2|v3)/.*$ {
proxy_pass https://myupstream;
# also tried these options:
# proxy_ssl_server_name on;
# proxy_ssl_verify off;
# proxy_set_header Host <remote-hostname-here>;
# proxy_set_header X_FORWARDED_PROTO https;
}
As a result I see error 502 page and this record in error.log
2018/11/10 19:41:38 [error] 8410#8410: *1 SSL_do_handshake() failed
(SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number)
while SSL handshaking to upstream, client: 127.0.0.1, server: <my-web-host-here>,
request: "GET /v1/some/page HTTP/1.1",
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
host: "<my-web-host-here>"
What could cause this?
Note: This nginx proxy is on my local machine.
ssl nginx https
I am trying to proxy requests to a remote server, this is how I configure my Nginx
upstream myupstream {
server remote-hostname;
}
...
location ~ ^/(v1|v2|v3)/.*$ {
proxy_pass https://myupstream;
# also tried these options:
# proxy_ssl_server_name on;
# proxy_ssl_verify off;
# proxy_set_header Host <remote-hostname-here>;
# proxy_set_header X_FORWARDED_PROTO https;
}
As a result I see error 502 page and this record in error.log
2018/11/10 19:41:38 [error] 8410#8410: *1 SSL_do_handshake() failed
(SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number)
while SSL handshaking to upstream, client: 127.0.0.1, server: <my-web-host-here>,
request: "GET /v1/some/page HTTP/1.1",
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
host: "<my-web-host-here>"
What could cause this?
Note: This nginx proxy is on my local machine.
ssl nginx https
ssl nginx https
asked Nov 11 at 4:23
Pavel
1,3351326
1,3351326
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number
.
Thanks mate! I added port to upstream configurationserver remote-hostname:443;
and that fixed the issue as you sugested! I thought that since I am already specifyinghttps://
inproxy_pass https://myupstream;
it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port80
in the log entry. So thank you very much, good catch!
– Pavel
Nov 11 at 6:40
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number
.
Thanks mate! I added port to upstream configurationserver remote-hostname:443;
and that fixed the issue as you sugested! I thought that since I am already specifyinghttps://
inproxy_pass https://myupstream;
it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port80
in the log entry. So thank you very much, good catch!
– Pavel
Nov 11 at 6:40
add a comment |
up vote
2
down vote
accepted
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number
.
Thanks mate! I added port to upstream configurationserver remote-hostname:443;
and that fixed the issue as you sugested! I thought that since I am already specifyinghttps://
inproxy_pass https://myupstream;
it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port80
in the log entry. So thank you very much, good catch!
– Pavel
Nov 11 at 6:40
add a comment |
up vote
2
down vote
accepted
up vote
2
down vote
accepted
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number
.
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number
.
answered Nov 11 at 5:54
Steffen Ullrich
58.4k35395
58.4k35395
Thanks mate! I added port to upstream configurationserver remote-hostname:443;
and that fixed the issue as you sugested! I thought that since I am already specifyinghttps://
inproxy_pass https://myupstream;
it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port80
in the log entry. So thank you very much, good catch!
– Pavel
Nov 11 at 6:40
add a comment |
Thanks mate! I added port to upstream configurationserver remote-hostname:443;
and that fixed the issue as you sugested! I thought that since I am already specifyinghttps://
inproxy_pass https://myupstream;
it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port80
in the log entry. So thank you very much, good catch!
– Pavel
Nov 11 at 6:40
Thanks mate! I added port to upstream configuration
server remote-hostname:443;
and that fixed the issue as you sugested! I thought that since I am already specifying https://
in proxy_pass https://myupstream;
it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port 80
in the log entry. So thank you very much, good catch!– Pavel
Nov 11 at 6:40
Thanks mate! I added port to upstream configuration
server remote-hostname:443;
and that fixed the issue as you sugested! I thought that since I am already specifying https://
in proxy_pass https://myupstream;
it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port 80
in the log entry. So thank you very much, good catch!– Pavel
Nov 11 at 6:40
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245818%2fnginx-upstream-to-https-host-ssl3-get-recordwrong-version-number%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown