Здравствуйте. Проблема – не могу настроить передачу
https от nginxa к вышестоящему веб-серверу Apache, nginx как фронт-енд, апаче
– бэк-енд.
ОС: FreeBSD 7
Nginx установлен из порта nginx-0.7.52.
Если запрос https приходит
напрямую на бэк-енд – все работает, если через nginx – проблемы. В
браузере – пустая страница. Лог:
2009/04/24 03:35:00 [debug] 77007#0: malloc:
08159000:10240
2009/04/24 03:35:00 [debug] 77007#0: malloc:
0815C000:10240
2009/04/24 03:35:00 [debug] 77007#0: malloc:
08301000:942080
2009/04/24 03:35:00 [debug] 77007#0: malloc:
0815F000:614400
2009/04/24 03:35:00 [debug] 77007#0: malloc:
08401000:614400
2009/04/24 03:35:00 [debug] 77007#0: kevent set
event: 5: ft:-1 fl:0005
2009/04/24 03:35:00 [debug] 77007#0: kevent set
event: 6: ft:-1 fl:0005
2009/04/24 03:35:00 [debug] 77007#0: kevent set
event: 8: ft:-1 fl:0005
2009/04/24 03:35:00 [debug] 77007#0: worker cycle
2009/04/24 03:35:00 [debug] 77007#0: kevent timer:
-1, changes: 3
2009/04/24 03:35:24 [debug] 77007#0: kevent events: 1
2009/04/24 03:35:24 [debug] 77007#0: kevent: 6: ft:-1
fl:0000 ff:00000000 d:1 ud:0815F03C
2009/04/24 03:35:24 [debug] 77007#0: accept on
xx.xx.xx.xx:443, ready: 1
2009/04/24 03:35:24 [debug] 77007#0: malloc:
08136400:256
2009/04/24 03:35:24 [debug] 77007#0: *175 accept:
85.140.11.227 fd:7
2009/04/24 03:35:24 [debug] 77007#0: *175 event timer
add: 7: 60000:3579203720
2009/04/24 03:35:24 [debug] 77007#0: *175 kevent set
event: 7: ft:-1 fl:0025
2009/04/24 03:35:24 [debug] 77007#0: timer delta:
24481
2009/04/24 03:35:24 [debug] 77007#0: posted events
00000000
2009/04/24 03:35:24 [debug] 77007#0: worker cycle
2009/04/24 03:35:24 [debug] 77007#0: kevent timer:
60000, changes: 1
2009/04/24 03:35:24 [debug] 77007#0: kevent events: 1
2009/04/24 03:35:24 [debug] 77007#0: kevent: 7: ft:-1
fl:0020 ff:00000000 d:116 ud:0815F0B4
2009/04/24 03:35:24 [debug] 77007#0: *175 malloc:
0811E400:656
2009/04/24 03:35:24 [debug] 77007#0: *175 malloc:
0811FC00:1024
2009/04/24 03:35:24 [debug] 77007#0: *175 malloc:
08118000:4096
2009/04/24 03:35:24 [debug] 77007#0: *175 http check
ssl handshake
2009/04/24 03:35:24 [debug] 77007#0: *175 https ssl
handshake: 0x16
2009/04/24 03:35:24 [debug] 77007#0: *175
SSL_do_handshake: -1
2009/04/24 03:35:24 [debug] 77007#0: *175
SSL_get_error: 2
2009/04/24 03:35:24 [debug] 77007#0: timer delta: 3
2009/04/24 03:35:24 [debug] 77007#0: posted events
00000000
2009/04/24 03:35:24 [debug] 77007#0: worker cycle
2009/04/24 03:35:24 [debug] 77007#0: kevent timer:
59997, changes: 0
2009/04/24 03:35:25 [debug] 77007#0: kevent events: 1
2009/04/24 03:35:25 [debug] 77007#0: kevent: 7: ft:-1
fl:0020 ff:00000000 d:214 ud:0815F0B4
2009/04/24 03:35:25 [debug] 77007#0: *175 SSL
handshake handler: 0
2009/04/24 03:35:25 [debug] 77007#0: *175
SSL_do_handshake: 1
2009/04/24 03:35:25 [debug] 77007#0: *175 SSL: SSLv3,
cipher: "DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256)
Mac=SHA1"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
process request line
2009/04/24 03:35:25 [debug] 77007#0: *175 SSL_read:
-1
2009/04/24 03:35:25 [debug] 77007#0: *175
SSL_get_error: 2
2009/04/24 03:35:25 [debug] 77007#0: timer delta: 82
2009/04/24 03:35:25 [debug] 77007#0: posted events
00000000
2009/04/24 03:35:25 [debug] 77007#0: worker cycle
2009/04/24 03:35:25 [debug] 77007#0: kevent timer:
59915, changes: 0
2009/04/24 03:35:25 [debug] 77007#0: kevent events: 1
2009/04/24 03:35:25 [debug] 77007#0: kevent: 7: ft:-1
fl:0020 ff:00000000 d:437 ud:0815F0B4
2009/04/24 03:35:25 [debug] 77007#0: *175 http
process request line
2009/04/24 03:35:25 [debug] 77007#0: *175 SSL_read:
404
2009/04/24 03:35:25 [debug] 77007#0: *175 SSL_read:
-1
2009/04/24 03:35:25 [debug] 77007#0: *175
SSL_get_error: 2
2009/04/24 03:35:25 [debug] 77007#0: *175 http
request line: "GET / HTTP/1.1"
2009/04/24 03:35:25 [debug] 77007#0: *175 http uri:
"/"
2009/04/24 03:35:25 [debug] 77007#0: *175 http args:
""
2009/04/24 03:35:25 [debug] 77007#0: *175 http exten:
""
2009/04/24 03:35:25 [debug] 77007#0: *175 http
process request header line
2009/04/24 03:35:25 [debug] 77007#0: *175 http
header: "Host: mail.domen.ru"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
header: "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru;
rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
header: "Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
header: "Accept-Language: ru,en-us;q=0.7,en;q=0.3"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
header: "Accept-Encoding: gzip,deflate"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
header: "Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
header: "Keep-Alive: 300"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
header: "Connection: keep-alive"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
header: "Cache-Control: max-age=0"
2009/04/24 03:35:25 [debug] 77007#0: *175 http header
done
2009/04/24 03:35:25 [debug] 77007#0: *175 event timer
del: 7: 3579203720
2009/04/24 03:35:25 [debug] 77007#0: *175 generic
phase: 0
2009/04/24 03:35:25 [debug] 77007#0: *175 test
location: "/"
2009/04/24 03:35:25 [debug] 77007#0: *175 using
configuration "/"
2009/04/24 03:35:25 [debug] 77007#0: *175 http cl:-1
max:1048576
2009/04/24 03:35:25 [debug] 77007#0: *175 generic
phase: 2
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
var
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
var: "mail.domen.ru"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
regex: "(www\.mail.domen\.ru|mail\.domen\.ru)"
2009/04/24 03:35:25 [notice] 77007#0: *175
"(www\.mail.domen\.ru|mail\.domen\.ru)" matches
"mail.domen.ru", client: 85.140.11.227, server: mail.domen.ru, request:
"GET / HTTP/1.1", host: "mail.domen.ru"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
if
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
complex value
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "192.168.0.20/"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
var: "/"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
set $perehod
2009/04/24 03:35:25 [debug] 77007#0: *175 post
rewrite phase: 3
2009/04/24 03:35:25 [debug] 77007#0: *175 generic
phase: 4
2009/04/24 03:35:25 [debug] 77007#0: *175 generic
phase: 5
2009/04/24 03:35:25 [debug] 77007#0: *175 access
phase: 6
2009/04/24 03:35:25 [debug] 77007#0: *175 access
phase: 7
2009/04/24 03:35:25 [debug] 77007#0: *175 post access
phase: 8
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "https://"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
var: "192.168.0.20//"
2009/04/24 03:35:25 [debug] 77007#0: *175 http init
upstream, client timer: 0
2009/04/24 03:35:25 [debug] 77007#0: *175 kevent set
event: 7: ft:-2 fl:0025
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "X-FORWARDED_PROTO: https
"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "Host: "
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
var: "mail.domen.ru"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "
"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "X-Real-IP: "
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
var: "85.140.11.227"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "
"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "X-Forwarded-For: "
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
var: "85.140.11.227"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "
"
2009/04/24 03:35:25 [debug] 77007#0: *175 http script
copy: "Connection: close
"
2009/04/24 03:35:25 [debug] 77007#0: *175 http proxy
header: "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru;
rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8"
2009/04/24 03:35:25 [debug] 77007#0: *175 http proxy
header: "Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2009/04/24 03:35:25 [debug] 77007#0: *175 http proxy
header: "Accept-Language: ru,en-us;q=0.7,en;q=0.3"
2009/04/24 03:35:25 [debug] 77007#0: *175 http proxy
header: "Accept-Encoding: gzip,deflate"
2009/04/24 03:35:25 [debug] 77007#0: *175 http proxy
header: "Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7"
2009/04/24 03:35:25 [debug] 77007#0: *175 http proxy
header: "Cache-Control: max-age=0"
2009/04/24 03:35:25 [debug] 77007#0: *175 http proxy
header:
"GET // HTTP/1.0
X-FORWARDED_PROTO: https
Host: mail.domen.ru
X-Real-IP: 85.140.11.227
X-Forwarded-For: 85.140.11.227
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1;
ru; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Cache-Control: max-age=0
"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
cleanup add: 08118B5C
2009/04/24 03:35:25 [debug] 77007#0: resolve:
"192.168.0.20"
2009/04/24 03:35:25 [debug] 77007#0: *175 name was
resolved to 192.168.0.20
2009/04/24 03:35:25 [debug] 77007#0: resolve name
done: 0
2009/04/24 03:35:25 [debug] 77007#0: *175 get rr
peer, try: 1
2009/04/24 03:35:25 [debug] 77007#0: *175 socket 10
2009/04/24 03:35:25 [debug] 77007#0: *175 connect to
192.168.0.20:443, fd:10 #176
2009/04/24 03:35:25 [debug] 77007#0: *175 kevent set
event: 10: ft:-1 fl:0025
2009/04/24 03:35:25 [debug] 77007#0: *175 kevent set
event: 10: ft:-2 fl:0025
2009/04/24 03:35:25 [debug] 77007#0: *175 http
upstream connect: -2
2009/04/24 03:35:25 [debug] 77007#0: *175 event timer
add: 10: 75000:3579218858
2009/04/24 03:35:25 [debug] 77007#0: timer delta: 53
2009/04/24 03:35:25 [debug] 77007#0: posted events
00000000
2009/04/24 03:35:25 [debug] 77007#0: worker cycle
2009/04/24 03:35:25 [debug] 77007#0: kevent timer:
75000, changes: 3
2009/04/24 03:35:25 [debug] 77007#0: kevent events: 2
2009/04/24 03:35:25 [debug] 77007#0: kevent: 7: ft:-2
fl:0020 ff:00000000 d:33396 ud:084010B4
2009/04/24 03:35:25 [debug] 77007#0: *175 http run
request: "/?"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
upstream check client, write event:1, "/"
2009/04/24 03:35:25 [debug] 77007#0: kevent: 10:
ft:-2 fl:0020 ff:00000000 d:43008 ud:084010F0
2009/04/24 03:35:25 [debug] 77007#0: *175 http
upstream request: "/?"
2009/04/24 03:35:25 [debug] 77007#0: *175 http
upstream send request handler
2009/04/24 03:35:25 [notice] 69512#0: signal 20
(SIGCHLD) received
2009/04/24 03:35:25 [alert] 69512#0: worker process
77007 exited on signal 11
2009/04/24 03:35:25 [debug] 69512#0: wake up
2009/04/24 03:35:25 [debug] 69512#0: reap children
2009/04/24 03:35:25 [debug] 69512#0: child: 0 77007
e:0 t:1 d:0 r:1 j:0
2009/04/24 03:35:25 [debug] 69512#0: channel 7:8
2009/04/24 03:35:25 [notice] 69512#0: start worker
process 77078
2009/04/24 03:35:25 [debug] 69512#0: sigsuspend
2009/04/24 03:35:25 [debug] 77078#0: malloc:
0812A000:10240
2009/04/24 03:35:25 [debug] 77078#0: malloc:
08159000:10240
2009/04/24 03:35:25 [debug] 77078#0: malloc:
0815C000:10240
2009/04/24 03:35:25 [debug] 77078#0: malloc: 08301000:942080
2009/04/24 03:35:25 [debug] 77078#0: malloc:
0815F000:614400
2009/04/24 03:35:25 [debug] 77078#0: malloc:
08401000:614400
2009/04/24 03:35:25 [debug] 77078#0: kevent set
event: 5: ft:-1 fl:0005
2009/04/24 03:35:25 [debug] 77078#0: kevent set
event: 6: ft:-1 fl:0005
2009/04/24 03:35:25 [debug] 77078#0: kevent set
event: 8: ft:-1 fl:0005
2009/04/24 03:35:25 [debug] 77078#0: worker cycle
2009/04/24 03:35:25 [debug] 77078#0: kevent timer: -1,
changes: 3
Конфиг nginx'a:
worker_processes 1;
error_log /var/log/nginx/error.log debug;
pid
nginx.pid;
events {
worker_connections 10240;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $request
'
'"$status"
$body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log
/var/log/nginx/access.log main;
sendfile
on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
server {
listen xx.xx.xx.xx:80;
# Директива задаёт имена виртуального сервера,
server_name domen.ru www.domen.ru
location / {
root /var/www/nginx;
index index.html index.htm;
if ($http_host ~* ^(www\.domen\.ru|domen\.ru)) {
set $perehod 192.168.0.20/$request_uri;
break;
}
proxy_pass http://$perehod;
client_max_body_size 100m;
client_body_buffer_size 128k;
include /usr/local/etc/nginx/proxy.conf;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx;
}
}
# HTTPS server
#
server {
listen xx.xx.xx.xx:443;
server_name mail.domen.ru www.mail.domen.ru;
ssl
on;
ssl_certificate
/usr/local/etc/nginx/cert/server_www.crt;
ssl_certificate_key /usr/local/etc/nginx/cert/server_www.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2;
#
ssl_prefer_server_ciphers on;
location /
{
proxy_set_header X-FORWARDED_PROTO https;
if ($http_host ~* (www\.mail.domen\.ru|mail\.domen\.ru)) {
set $perehod 192.168.0.20:443/$request_uri;
break;
}
proxy_pass https://$perehod;
include /usr/local/etc/nginx/proxy.conf ;
}
error_page 500 502 503 504 /50x.html;
location =
/50x.html {
root /var/www/nginx;
}
}
}
Спасибо за ответ.