NGINX -> varnish load balancer -> Apache SSL connection = BAD REQUEST
This is my setup:
Server 1 = Nginx is receiving the request on port 443 and is used as a reverse proxy to send it to Varnish 5, on the same server on port 80.
Varnish is load balancing requests on servers 2 and 3 (which are identical) on port 443.
Server 2 & 3 = Apache is receiving the requests on port 443 and accesses the app.
SSL certificates are installed on all servers.
When I try to access the website I have this error 400:
> Your browser sent a request that this server could not understand.
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please.
Here are my configs:
Nginx:

    server {
        listen 443 ssl;
        server_name server.mydomain.com;
        ssl_certificate /etc/letsencrypt/live/server.mydomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/server.mydomain.com/privkey.pem;
        location / {
            proxy_pass http://127.0.0.1:80;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header X-Secure on;
        }
    }

Varnish:

    backend server1 {
        .host = "xx.xx.xx.xxx";
        .port = "443";
    }
    backend server2 {
        .host = "xx.xx.xx.xxx";
        .port = "443";
    }
    sub vcl_recv {
        if (req.restarts == 0) {
            if (req.http.x-forwarded-for) {
                set req.http.X-Forwarded-For =
                    req.http.X-Forwarded-For + ", " + client.ip;
            } else {
                set req.http.X-Forwarded-For = client.ip;
            }
        }
        if (req.http.X-Real-IP) {
            set req.http.X-Forwarded-For = req.http.X-Real-IP;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
        ...
    }

Apache:

    ServerName server.mydomain.com
    DocumentRoot /var/www/mydomain/
    AllowOverride All
    Order allow,deny
    allow from all
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/server.mydomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/server.mydomain.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/server.mydomain.com/chain.pem
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E$
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/server.mydomain.com-error.log
    CustomLog ${APACHE_LOG_DIR}/server.mydomain.com-access.log combined

I understand the problem, but didn't find the solution. Any advice?
Regards
Asked by GregOs
(111 rep)
Apr 5, 2018, 02:31 AM
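
An added example, not part of the original question: a small lint that reads the backend definitions of a VCL file and reports every backend Varnish would contact on a port that expects TLS, which is the hop where Apache answers with the 400 quoted above. It assumes open-source Varnish Cache, which speaks only plain HTTP to its backends; `TLS_PORTS`, the function names and the third `plain` backend in the sample are hypothetical.

```python
import re

# Constructed sample: the question's two backends, plus a hypothetical third
# backend ("plain") left on the default port with a nested probe block.
SAMPLE_VCL = """
backend server1 { .host = "xx.xx.xx.xxx"; .port = "443"; }
backend server2 {
    .host = "xx.xx.xx.xxx";   # second Apache node
    .port = "443";
}
backend plain { .host = "xx.xx.xx.xxx"; .probe = { .url = "/"; } }
"""
TLS_PORTS = {"443", "https"}  # assumption: ports where the backends expect TLS
FIELD_RE = re.compile(r'\.(\w+)\s*=\s*"([^"]*)"\s*;')
COMMENT_RE = re.compile(r'"[^"]*"|(?:#|//)[^\n]*')  # a string literal, or a line comment

def backend_blocks(vcl):
    """Yield (name, body) per backend, matching braces so nested blocks survive."""
    vcl = COMMENT_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", vcl)
    for m in re.finditer(r"\bbackend\s+(\w+)\s*\{", vcl):
        depth, i = 1, m.end()
        while i < len(vcl) and depth:
            depth += {"{": 1, "}": -1}.get(vcl[i], 0)
            i += 1
        yield m.group(1), vcl[m.end():i - 1]

def top_level(body):
    """Strip nested { ... } blocks (e.g. .probe) so only backend fields remain."""
    out, depth = [], 0
    for ch in body:
        depth += ch == "{"
        if depth == 0:
            out.append(ch)
        depth -= ch == "}"
    return "".join(out)

def plaintext_to_tls(vcl, tls_ports=TLS_PORTS):
    """Backends that would be sent plain HTTP on a port expecting TLS."""
    findings = []
    for name, body in backend_blocks(vcl):
        fields = dict(FIELD_RE.findall(top_level(body)))
        port = fields.get("port", "80")  # Varnish uses port 80 when .port is omitted
        if port in tls_ports:
            findings.append((name, fields.get("host"), port))
    return findings

if __name__ == "__main__":
    for name, host, port in plaintext_to_tls(SAMPLE_VCL):
        print(f"{name}: {host}:{port} expects TLS, but Varnish sends plain HTTP")
```

A backend flagged here needs either a plain-HTTP listener on the Apache side or a TLS-capable hop between Varnish and Apache; in both cases the traffic between servers should stay on a network you trust.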