Join Log in
Score:0
Radoslav Enev avatar Server

Configuring Nginx Reverse Proxy: Resolving Bad Gateway Issue

cd flag
Radoslav Enev

I am attempting to set up an Nginx reverse proxy that should be accessible from another server. The purpose is to redirect requests to an upstream test environment. The connection necessitates a certificate and key, both of which I have successfully validated.

Executing the command

curl -E ./test.crt --key ./test.key https://example.com/agent_ws-SOF46 -v -L

results in a successful connection.

However, when I try to run

curl -L http://192.168.20.222/mun/s/agent_ws-SOF46/ -v

from a different internal development server, I encounter a bad gateway response. Please note that the IP address 192.168.20.220 corresponds to the internal IP address of the Nginx server.

The configuration file I am using is as follows:

location /mun/s{
    rewrite ^/mun/s/(.*) /$1 break;
    proxy_ssl_server_name on;
    proxy_ssl_certificate /etc/nginx/certs/test.crt;
    proxy_ssl_certificate_key /etc/nginx/certs/test.key;
    proxy_pass https://example.com/;
    error_log /var/log/nginx/mun-s.log debug;
}

Link to the error.log file: click

2023/08/28 09:41:33 [debug] 19161#0: *15114 http cl:-1 max:104857600
2023/08/28 09:41:33 [debug] 19161#0: *15114 rewrite phase: 3
2023/08/28 09:41:33 [debug] 19161#0: *15114 posix_memalign: 000055F446922800:4096 @16
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script regex: "^/mun/s/(.*)"
2023/08/28 09:41:33 [notice] 19161#0: *15114 "^/mun/s/(.*)" matches "/mun/s/agent_ws-SOF46", client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", host: "localhost"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "/"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script capture: "agent_ws-SOF46"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script regex end
2023/08/28 09:41:33 [notice] 19161#0: *15114 rewritten data: "/agent_ws-SOF46", args: "", client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", host: "localhost"
2023/08/28 09:41:33 [debug] 19161#0: *15114 post rewrite phase: 4
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 5
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 6
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 7
2023/08/28 09:41:33 [debug] 19161#0: *15114 generic phase: 8
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 9
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 10
2023/08/28 09:41:33 [debug] 19161#0: *15114 access phase: 11
2023/08/28 09:41:33 [debug] 19161#0: *15114 post access phase: 12
2023/08/28 09:41:33 [debug] 19161#0: *15114 http init upstream, client timer: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 epoll add event: fd:20 op:3 ev:80002005
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "Host: "
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script var: "example.com"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: "Connection: close
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http script copy: ""
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header: "User-Agent: curl/7.29.0"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header: "Accept: */*"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http proxy header:
"GET /agent_ws-SOF46 HTTP/1.0
Host: example.com
Connection: close
User-Agent: curl/7.29.0
Accept: */*
 
"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http cleanup add: 000055F446923098
2023/08/28 09:41:33 [debug] 19161#0: *15114 get rr peer, try: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 stream socket 23
2023/08/28 09:41:33 [debug] 19161#0: *15114 epoll add connection: fd:23 ev:80002005
2023/08/28 09:41:33 [debug] 19161#0: *15114 connect to 217.145.175.7:443, fd:23 #15115
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream connect: -2
2023/08/28 09:41:33 [debug] 19161#0: *15114 posix_memalign: 000055F446A570D0:128 @16
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer add: 23: 60000:1693204953436
2023/08/28 09:41:33 [debug] 19161#0: *15114 http finalize request: -4, "/agent_ws-SOF46?" a:1, c:2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http request count:2 blk:0
2023/08/28 09:41:33 [debug] 19161#0: *15114 http run request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream check client, write event:1, "/agent_ws-SOF46"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request handler
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469DFCE0:72
2023/08/28 09:41:33 [debug] 19161#0: *15114 upstream SSL server name: "example.com"
2023/08/28 09:41:33 [debug] 19161#0: *15114 set session: 000055F446A5A4F0
2023/08/28 09:41:33 [debug] 19161#0: *15114 tcp_nodelay
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL handshake handler: 0
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_do_handshake: 1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD"
2023/08/28 09:41:33 [debug] 19161#0: *15114 save session: 000055F4469AB3D0
2023/08/28 09:41:33 [debug] 19161#0: *15114 old session: 000055F446A5A4F0
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream send request body
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer buf fl:1 s:110
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer in: 000055F4469230E8
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469EC560:80
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F44692E570:16384
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL buf copy: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL to write: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_write: 110
2023/08/28 09:41:33 [debug] 19161#0: *15114 chain writer out: 0000000000000000
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer del: 23: 1693204953436
2023/08/28 09:41:33 [debug] 19161#0: *15114 event timer add: 23: 60000:1693204953455
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:33 [debug] 19161#0: *15114 malloc: 000055F4469BE300:4096
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream dummy handler
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:33 [debug] 19161#0: *15114 SSL_get_error: 2
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:33 [debug] 19161#0: *15114 http upstream dummy handler
2023/08/28 09:41:43 [debug] 19161#0: *15114 http upstream request: "/agent_ws-SOF46?"
2023/08/28 09:41:43 [debug] 19161#0: *15114 http upstream process header
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_read: -1
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_get_error: 5
2023/08/28 09:41:43 [debug] 19161#0: *15114 peer shutdown SSL cleanly
2023/08/28 09:41:43 [error] 19161#0: *15114 upstream prematurely closed connection while reading response header from upstream, client: ::1, server: _, request: "GET /mun/s/agent_ws-SOF46 HTTP/1.1", upstream: "https://1.1.1.1:443/agent_ws-SOF46", host: "localhost"
2023/08/28 09:41:43 [debug] 19161#0: *15114 http next upstream, 2
2023/08/28 09:41:43 [debug] 19161#0: *15114 free rr peer 1 4
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http upstream request: 502
2023/08/28 09:41:43 [debug] 19161#0: *15114 finalize http proxy request
2023/08/28 09:41:43 [debug] 19161#0: *15114 SSL_shutdown: 1
2023/08/28 09:41:43 [debug] 19161#0: *15114 close http upstream connection: 23
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F44692E570
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F4469EC560
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F4469DFCE0
2023/08/28 09:41:43 [debug] 19161#0: *15114 free: 000055F446A570D0, unused: 0
2023/08/28 09:41:43 [debug] 19161#0: *15114 event timer del: 23: 1693204953455
2023/08/28 09:41:43 [debug] 19161#0: *15114 reusable connection: 0
2023/08/28 09:41:43 [debug] 19161#0: *15114 http finalize request: 502, "/agent_ws-SOF46?" a:1, c:1
2023/08/28 09:41:43 [debug] 19161#0: *15114 http special response: 502, "/agent_ws-SOF46?"
2023/08/28 09:41:43 [debug] 19161#0: *15114 internal redirect: "/50x.html?"

Keep in mind I have changed the ip address and the dns name of the upstream server on purpose with dummy ones but they have been tested and working. There are other reverse proxy configurations on this server and they are currently working. This one was done in similar manner to them.

Edit: The upstream server seems to be also redirecting to something else(another internal url) since the response from curl is 302. I suspect there is something going on with the redirect the upstream server is doing. It is possible the previously established ssl session is breaking, but I am not entirely sure and it's still a speculation.

59
0 + 0
502
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.