Reputation: 41
I'm trying to put a server@home in place with some basic services. All services run in a dedicated VM. Each VM is hosted on vSphere 5.5. So far I have:
I use nginx to be able to have things like this:
I followed a tutorial and edited the "default" file in /etc/nginx/sites-enabled. Here is what it looks like:
    server {
        listen 80;
        server_name myapp.domaine.com;
        location / {
            proxy_pass http://192.168.1.43:3000;
        }
    }
    server {
        listen 443;
        server_name myapp.domain.com;
        ssl on;
        ssl_certificate [...];
        ssl_certificate_key [...];
        location / {
            proxy_pass https://192.168.1.43:3001;
        }
    }
    server {
        listen 80;
        server_name music.domain.com;
        location / {
            proxy_pass http://192.168.1.35:4040;
        }
    }
    server {
        listen 443;
        server_name music.domain.com;
        ssl on;
        ssl_certificate [...];
        ssl_certificate_key [...];
        location / {
            proxy_pass https://192.168.1.35;
        }
    }
The first redirection on myapp works. The redirection on music works when I had only http on the madsonic server. When I activate https on madsonic server I get a 502 Bad gateway error (but the URL in Firefox is https://music.domain.com).
I also tried some other methods like the one mentioned here: "How to redirect on the same port from http to https with nginx reverse proxy"
Did not work either.
I also saw in /var/logs/nginx/error.log that the 502 error is due to an SSL_do_handshake error (SSL23_GET_SERVER_HELLO:tlsv1). No idea if it is related to the 502 error or not.
I'm a bit confused because other https services work fine. Does anyone have a suggestion? Thanks very much.
Upvotes: 0
Views: 4076
Reputation: 41
Here is the answer of the user "desasteralex" that was posted for the same question on serverfault.com. It worked, so I share his answer here (and big thanks to him btw :D).
First of all, Nginx is your SSL terminator here. That means that you don't need to run your app in both HTTP and HTTPS mode. HTTP would be enough.
So, for your app the config could look like that:
    server {
        listen 192.168.1.12:80;
        server_name myapp.domain.com;
        location / {
            rewrite ^ https://$server_name$request_uri? permanent;
        }
    }
The directive above will redirect all HTTP requests to HTTPS.
    server {
        listen 192.168.1.12:443;
        server_name myapp.domain.com;
        ssl on;
        ssl_certificate [...];
        ssl_certificate_key [...];
        location / {
            # nginx terminates TLS; port 3000 is the app's plain-HTTP listener
            proxy_pass http://192.168.1.43:3000;
        }
    }
I've chosen the port 3000 in the proxy_pass here to point to the HTTP version of your app. You would need to turn off the redirection of your app to port 3001.
Regarding your music.domain.com redirection - for HTTP you use the port 4040 in the proxy_pass parameter, in HTTPS you don't. I assume that the madsonic server only listens on port 4040, so a config could look like this:
    server {
        listen 192.168.1.12:80;
        server_name music.domain.com;
        location / {
            rewrite ^ https://$server_name$request_uri? permanent;
        }
    }
    server {
        listen 192.168.1.12:443;
        server_name music.domain.com;
        ssl on;
        ssl_certificate [...];
        ssl_certificate_key [...];
        location / {
            # nginx terminates TLS; 4040 is the plain-HTTP port from the question
            proxy_pass http://192.168.1.35:4040;
        }
    }
Hope this helps.
Upvotes: 1
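The 502 with an SSL_do_handshake error discussed above is what nginx reports when the scheme in proxy_pass does not match what the backend port actually speaks. The following is an added example, not part of the original question or answer: it probes a backend port and returns the matching proxy_pass line. The function names and the local stub backend are constructed for illustration.

```python
import socket
import ssl
import threading

def probe_upstream(host, port, timeout=3.0):
    """Classify a backend port as 'https', 'http', 'unknown' or 'unreachable'."""
    ctx = ssl.create_default_context()
    # The probe only asks "does this port answer a TLS handshake?", so the
    # certificate (often self-signed on a LAN backend) is not validated here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "https"
    except OSError:  # ssl.SSLError, timeouts and resets are OSError subclasses
        raw.close()
    # No TLS on this port: check whether it answers plain HTTP instead.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            return "http" if plain.recv(16).startswith(b"HTTP/") else "unknown"
    except OSError:
        return "unknown"

def proxy_pass_for(host, port):
    """Return the proxy_pass line whose scheme matches the backend, or None."""
    kind = probe_upstream(host, port)
    return f"proxy_pass {kind}://{host}:{port};" if kind in ("http", "https") else None

def start_plain_http_stub():
    """Constructed stand-in for a backend that only speaks plain HTTP; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                with conn:
                    conn.recv(4096)
                    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
            except OSError:
                pass
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(proxy_pass_for("127.0.0.1", start_plain_http_stub()))
```

A result of "unknown" can also mean the backend only offers a TLS version older than the probe's default context accepts, so check the backend's own configuration in that case.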