Hi, here's some clarifications: What is the thing writing to nginx? (stunnel, I think) stunnel according to the setup: Transmission remote GUI:443 -> sshttp:443 -> stunnel:1443 -> nginx:127.0.0.1:443 (no ssl, with listen ... proxy_protocol, port_in_redirect on)
How is it configured? [tls] accept = 192.168.1.31:1443 connect = 127.0.0.1:1081 protocol = proxy [ssh] sni = tls:tti.go.ro connect = 127.0.0.1:22 renegotiation = no debug = 5 cert = /home/adr/apps/etc/nginx/certs/adrhc.go.ro-server-pub.pem key = /home/adr/apps/etc/nginx/certs/adrhc.go.ro-server-priv-no-pwd.pem [tls to any http] sni = tls:* # using nginx proxy_protocol (is http though using 443!): connect = 127.0.0.1:443 protocol = proxy What version of proxy_protocol is stunnel writing? it's the one from nginx 1.11.3 ... Is "transmission" something other than a https client? - it's this: transmission-daemon, 2.84-3ubuntu3, amd64, lightweight BitTorrent client (daemon) with this configuration in nginx: # http://127.0.0.1:9091/transmission/web/ location /transmission/ { proxy_pass http://127.0.0.1:9091/transmission/; proxy_redirect http://127.0.0.1:9091/ /; proxy_cookie_domain 127.0.0.1:9091 adrhc.go.ro; proxy_set_header Host 127.0.0.1:9091; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10M; proxy_connect_timeout 120; proxy_read_timeout 300; } If it is trying to speak something other than http wrapped in tls, it is unlikely that nginx will be able to process the requests. I gues it tries not because it's working fine with https://adrhc.go.ro/transmission/ but when stunnel is not involved e.g.: Transmission remote GUI:443 -> sshttp:443 -> nginx:127.0.0.1:1443 (with ssl, without listen ... proxy_protocol, port_in_redirect off) Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269662,269744#msg-269744 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx