Specifying an SNI HTTPS upstream as the nginx proxy_pass destination #SSL - Qiita

Last updated at Posted at 2016-03-29

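A note, because I got stuck after changing the nginx proxy_pass destination from a non-SNI HTTPS endpoint to an SNI HTTPS endpoint (specifically CloudFront).

A log like this appears and the connection fails.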

[error] 21711#0: *32897 SSL_do_handshake() failed
 (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure)
 while SSL handshaking to upstream,
 client: ****, server: ****, request: "GET / HTTP/1.1",
 upstream: "https://****", host: "****"

nginx 1.7.0 and later include SNI support for connections to the proxy destination, so I solved it with proxy_ssl_server_name on.

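# proxy_pass below uses a variable, so nginx resolves the name at request time
# and needs a resolver.
resolver 127.0.0.1;
set $server "sni.example.com";
location / {
    # Send the upstream host name in the TLS handshake (SNI).
    proxy_ssl_server_name on;
    proxy_pass https://$server;
}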
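
An added example, not part of the original post: proxy_ssl_server_name only sends the name, and nginx does not verify the upstream certificate unless proxy_ssl_verify is turned on. The fragment below keeps the post's placeholder host and resolver; the CA bundle path and the verify depth are assumptions to adjust for your system.

```nginx
# Added example (goes inside a server block, like the fragment above).
# sni.example.com and the resolver address are the post's placeholders.
resolver 127.0.0.1;
set $server "sni.example.com";

location / {
    # Send the upstream host name in the TLS ClientHello (SNI).
    proxy_ssl_server_name on;

    # Name used both for SNI and for checking the upstream certificate.
    # The default is $proxy_host; it is set explicitly here for clarity.
    proxy_ssl_name $server;

    # Off by default: without it nginx accepts any certificate the
    # upstream presents, so the TLS link to the upstream is not authenticated.
    proxy_ssl_verify on;

    # Assumption: Debian/Ubuntu CA bundle location. Point this at the
    # bundle that contains the CA which issued the upstream certificate.
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # Default is 1; raised here (assumed value) to allow for an
    # intermediate CA in the upstream's chain.
    proxy_ssl_verify_depth 2;

    proxy_pass https://$server;
}
```

With verification on, an untrusted or mismatched upstream certificate makes the handshake fail: nginx answers 502 and records the verification failure in the error log.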