Hi all, I very new to NGINX, but thought that it might be the best tool to achieve a reverse proxy ( in the DMZ ) for an internal HTTPS server.
Unfortunately it isn't working and I get 502 Bad Gateway message if I check in the error Log I see : 2014/10/07 17:38:27 [crit] 2606#0: *1 connect() to 172.16.36.155:9999 failed (13: Permission denied) while connecting to upstream, client: 10.51.44.100, server: ping0a.cisco.net, request: "https://172.16.36.155:9999/pingfederate/app/";, host: "ping0a.cisco.net:9999" with a tcpdump in the HTTPS server that it is in the internal LAN I don't see any traffic arriving .... I have a split dns schema in my test, and the FQDN name in the internal HTTPS server is the same as the on e in the DMZ ( ping0a.cisco,.net ). This is my configuration : [root@ping0a nginx]# more nginx.conf user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; upstream backend { server 172.16.36.155:9999; } include /etc/nginx/conf.d/*.conf; } [root@ping0a conf.d]# more ping0a_ssl.conf # HTTPS server # server { listen 9999 default ssl; index index.php index.html index.htm; server_name ping0a.cisco.net; ssl on; ssl_certificate /etc/pki/tls/certs/IdP.pem; ssl_certificate_key /etc/pki/tls/private/IdP.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP; ssl_prefer_server_ciphers on; location / { proxy_store off; proxy_pass https://backend; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_ssl_verify off; } } from the hosts in the DMZ where NGINX is installed I can reach the inetrnal HTTPS server [root@ping0a conf.d]# wget --no-check-certificate https://172.16.36.155:9999/pingfederate/app --2014-10-08 11:20:25-- https://172.16.36.155:9999/pingfederate/app Connecting to 172.16.36.155:9999... connected. WARNING: certificate common name ‘ping0a.cisco.net’ doesn't match requested host name ‘172.16.36.155’. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: ‘app’ [ <=> ] 5,576 --.-K/s in 0s 2014-10-08 11:20:25 (45.8 MB/s) - ‘app’ saved [5576] What is wrong in my configuration ? Thank you, Paulo Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253833,253833#msg-253833 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
