38
36

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

Nginxでupstreamにhttpsなホストを設定する時の注意点

Last updated at Posted at 2014-10-16

NginxのバックエンドにhttpsなURLを指定する時のお話。

proxy_pass を使う

こんな感じ?これは問題なく動作する。

server {

  ...

  location / {
    proxy_pass https://himitsu.no.site/;
  }

  ...
}

upstream を使う

しかし、深遠なる理由(別エントリにする予定)でupstream化したい。
その場合、このように書けば動きそうだが。。。

upstream backend {
    server himitsu.no.site;
}

server {

  ...

  location / {
    proxy_pass https://backend/;
  }

  ...
}

しかし、実際はこんなエラーでうまく動かない。

2014/10/07 09:30:58 [error] 10661#0: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL 
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 127.0.0.1, 
server: 0.0.0.0, request: "GET / HTTP/1.1", upstream: "https://xx.xx.xx.xx:80/", host: "localhost"

ログをよく見ると、80番ポートにアクセスしようとしているらしい。
upstreamのserverで、きちんとポートまで指定してあげると問題なく動いた。

upstream backend {
    server himitsu.no.site:443;
}

server {

  ...

  location / {
    proxy_pass https://backend/;
  }

  ...
}

※ちなみに、ログをよく見ずにだいぶハマってしまったのは内緒

38
36
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
38
36

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?