Hi, here are some clarifications:

What is the thing writing to nginx? (stunnel, I think)
stunnel according to the setup:
Transmission remote GUI:443 -> sshttp:443 -> stunnel:1443 ->
nginx: (no ssl, with listen ... proxy_protocol,
port_in_redirect on)

How is it configured?
accept =
connect =
protocol = proxy
sni = tls:tti.go.ro
connect =
renegotiation = no
debug = 5
cert = /home/adr/apps/etc/nginx/certs/adrhc.go.ro-server-pub.pem
key = /home/adr/apps/etc/nginx/certs/adrhc.go.ro-server-priv-no-pwd.pem
[tls to any http]
sni = tls:*
# using nginx proxy_protocol (is http though using 443!):
connect =
protocol = proxy

What version of proxy_protocol is stunnel writing?
it's the one from nginx 1.11.3 ...

Is "transmission" something other than a https client? - it's this:
transmission-daemon, 2.84-3ubuntu3, amd64, lightweight BitTorrent client
with this configuration in nginx:
location /transmission/ {
        proxy_pass                     ;
        proxy_redirect          /;
        proxy_set_header                Host                           ;
        proxy_set_header                X-Real-IP                               
        proxy_set_header                X-Forwarded-For                 
        client_max_body_size    10M;
        proxy_connect_timeout   120;
        proxy_read_timeout              300;

If it is trying to speak something other than http wrapped in tls,
it is unlikely that nginx will be able to process the requests.
I guess it does not try, because it's working fine with
https://adrhc.go.ro/transmission/ but when stunnel is not involved, e.g.:
Transmission remote GUI:443 -> sshttp:443 -> nginx: (with ssl,
without listen ... proxy_protocol, port_in_redirect off)

Posted at Nginx Forum: 
