Small question related to proxy_set_header Host
Hello.
I am creating this discussion following another one here.
Every time I tried to reply, my reply was automatically removed; I don't know why.
Here is my situation: I'm trying to use nginx as a reverse proxy to redirect HTTP requests from clients to a GitLab host, through a forward proxy.
Clients in secure zone -> HTTPS Nginx host -> HTTPS Forward Proxy -> HTTPS Gitlab host.
I tried the following configuration:
- <DNS-ALIAS-NGINX-GITLAB> is a specific DNS alias I created which targets the nginx host.
- <GITLAB-HOST> is the GitLab host myhost:443. I added the port because the listening port of the GitLab host is 443 while the listening port of the forward proxy is something else.
- <PROXY-IP> and <PROXY-PORT> are respectively the IP and the listening port of the forward proxy.
server {
    listen 443 ssl;
    server_name <DNS-ALIAS-NGINX-GITLAB>;
    ssl_certificate /etc/nginx/certs/mycrt.crt;
    ssl_certificate_key /etc/nginx/certs/mykey.key;
    ssl_session_cache shared:SSL:1m;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/mysite.access.log;
    error_log /var/log/nginx/mysite.error.log debug;
    location / {
        proxy_set_header Host <GITLAB-HOST>:443;
        proxy_connect_timeout 60;
        proxy_read_timeout 60;
        proxy_send_timeout 60;
        proxy_intercept_errors off;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://<PROXY-IP>:<PROXY-PORT>;
    }
}
Unfortunately, when I try a git clone command from a client, I encounter a 502 HTTP error from the client's perspective, and the following error message in the nginx logs:
2022/11/04 16:16:23 [error] 18473#18473: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: <CLIENT-IP>, server: <DNS-ALIAS-NGINX-GITLAB>, request: "GET /myrepo.git/info/refs?service=git-upload-pack HTTP/1.1", upstream: "https://<PROXY-IP>:<PROXY-PORT>/myrepo.git/info/refs?service=git-upload-pack", host: "<DNS-ALIAS-NGINX-GITLAB>"
I was wondering what the problem is with my nginx configuration?
Should I maybe try the following:
Clients in secure zone -> HTTP Nginx host -> HTTP Forward Proxy -> HTTPS Gitlab host
Thank you in advance for your help!
Best regards.
This content was inadvertently caught by our SPAM filter. I'll close comments on this post as duplicate. Please go to the original question/reply for full context.
pepito - PM me if I am wrong and you would rather have this question open; I can re-open it.
Thanks.