Hi,
I don't have any experience with nginx for DNS, but when things aren't
working, the best thing to do is disable proxy-protocol on all and see
if it works. Then add proxy-protocol after.
My guess is you need to put proxy_protocol on; in upstream dns to tell
nginx to talk to its backend.
Have a good day,
Leen.
On 26-03-2023 22:23, VPN Технологии via Unbound-users wrote:
Hello, I was trying to set up a DoT -> nginx -> unbound scheme but
encountered some errors. Below is the configuration of the servers and
the errors they output to the logs. What could be the problem?
unbound: 1.17.1
nginx: 1.22.1
OS: 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux
nginx config:
stream {
    upstream dns {
        zone dns 64k;
        server [::1]:853;
    }
    server {
        listen <ext_ipv4>:853 ssl;
        listen <ext_ipv6>:853 ssl;
        ssl_certificate fullchain.pem;
        ssl_certificate_key privkey.pem;
        proxy_pass dns;
        proxy_protocol on;
    }
}
unbound config:
server:
    access-control: 0.0.0.0/0 allow
    access-control: ::/0 allow
    interface: ::1@853
    proxy-protocol-port: 853
unbound log:
error: proxy_protocol: could not parse PROXYv2 header
nginx log:
SSL_shutdown() failed (SSL: error:14094123:SSL
routines:ssl3_read_bytes:application data after close notify) while
proxying connection, client: <client_ipv4>, server: <server_ipv4>:853,
upstream: "[::1]:853", bytes from/to client:0/0, bytes from/to
upstream:0/0
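As an added example (not code from the thread, nginx or Unbound) for checking what actually arrives on the backend socket: a small Python parser that accepts the binary PROXYv2 header the Unbound log refers to and rejects anything else, telling the text PROXYv1 form (the form nginx's stream proxy_protocol writes towards an upstream) apart from a connection carrying no PROXY header at all. Addresses and ports are constructed sample values.

```python
import socket
import struct

# Signature that starts every PROXY protocol v2 header.
PROXY_V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"


def build_proxy_v2_header(src_ip, src_port, dst_ip, dst_port):
    """Build a PROXYv2 header for a TCP connection, IPv4 or IPv6."""
    family = socket.AF_INET6 if ":" in src_ip else socket.AF_INET
    fam_proto = (0x20 if family == socket.AF_INET6 else 0x10) | 0x01  # STREAM
    body = (socket.inet_pton(family, src_ip) + socket.inet_pton(family, dst_ip)
            + struct.pack("!HH", src_port, dst_port))
    # byte 12 = version 2 (high nibble) | command PROXY (low nibble)
    return PROXY_V2_SIG + bytes([0x21, fam_proto]) + struct.pack("!H", len(body)) + body


def parse_proxy_header(data):
    """Parse the start of a backend connection the way a v2-only receiver does.

    Returns a dict with version, command, addresses, ports and the remaining
    payload for a valid PROXYv2 header. Raises ValueError otherwise, with a
    message that distinguishes the text PROXYv1 form from data that carries
    no PROXY header at all (for example the first bytes of a DNS message).
    """
    if data.startswith(b"PROXY "):
        raise ValueError("PROXYv1 text header, not PROXYv2")
    if len(data) < 16 or not data.startswith(PROXY_V2_SIG):
        raise ValueError("could not parse PROXYv2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY version %d" % (ver_cmd >> 4))
    if len(data) < 16 + length:
        raise ValueError("truncated PROXYv2 header")
    body, payload = data[16:16 + length], data[16 + length:]
    if ver_cmd & 0x0F == 0:  # LOCAL command: no address block, use socket addresses
        return {"version": 2, "command": "LOCAL", "payload": payload}
    family = fam_proto >> 4
    addr_len = {1: 4, 2: 16}.get(family)  # 1 = AF_INET, 2 = AF_INET6
    if addr_len is None or len(body) < 2 * addr_len + 4:
        raise ValueError("unsupported address family or short address block")
    af = socket.AF_INET if family == 1 else socket.AF_INET6
    src_ip = socket.inet_ntop(af, body[:addr_len])
    dst_ip = socket.inet_ntop(af, body[addr_len:2 * addr_len])
    src_port, dst_port = struct.unpack("!HH", body[2 * addr_len:2 * addr_len + 4])
    return {"version": 2, "command": "PROXY", "src": (src_ip, src_port),
            "dst": (dst_ip, dst_port), "payload": payload}
```

Feeding the first bytes captured on the backend listener (for instance with a temporary listener on [::1]:853 while Unbound is stopped) to parse_proxy_header shows which of the three cases the backend is actually seeing.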