NGINX - Closed Connection in SSL Handshake while SSL Handshaking to upstream

Question

Stack : React, NGINX 1.14.0, GUnicorn, Django 2.2.8, Python 3.6.9

Errors :

• at browser : When React calls Django API (with Origin in request header of course), CORS error is occured at browser console after about 30 seconds.
  at browser console : Access to XMLHttpRequest at 'https://mydomain:8000/something/' from origin 'https://mydomain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
  In addition, HTTP status code is 502 Bad Gateway.
• at NGINX : peer closed connection in SSL handshake while SSL handshaking to upstream, client: something, server: mydomain, request: "GET /something/ HTTP/1.1", upstream: "https://unix:/home/ubuntu/django_path/gunicorn.sock:/something/", host: "mydomain:8000", referrer: "https://mydomain/something". client timed out (110: Connection timed out) while waiting for request, client: something, server: 0.0.0.0:443
• at GUnicorn : [CRITICAL] WORKER TIMEOUT
• at Django : I coded to log to view, but the log was not printed.

Conf :

• NGINX :

server {
    listen 80;
    server_name mydomain;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mydomain;

    error_log /var/log/nginx/error.log debug;

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        root /home/ubuntu/react_path/build;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}

server {
    listen 8000 ssl;
    server_name mydomain;

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    charset utf-8;

    location / {
        include proxy_params;
        proxy_pass https://unix:/home/ubuntu/django_path/gunicorn.sock;
    }

    location /static/ {
        alias /home/ubuntu/django_path/static/;
    }

    location /media/ {
        alias /home/ubuntu/django_path/media/;
    }
}

• GUnicorn :

[Unit]
Description=gunicorn daemon
After=network.target

[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/django_path
ExecStart=/home/ubuntu/VENV/bin/gunicorn --workers 3 --bind unix:/home/ubuntu/django_path/gunicorn.sock api.wsgi:application

[Install]
WantedBy=multi-user.target

• Django :

CORS_ALLOWED_ORIGINS = [
    'https://mydomain',
]

There are a few problems, but I think CORS error is occured cause traffic does not reach Django, even GUnicorn.

So maybe I change NGINX conf. What's your think? How can I fix?

Answer 1

After continuing, I found a solution.

https://serverfault.com/questions/746297/how-to-run-gunicorn-upstream-with-an-nginx-ssl-configuration
was very helpful.

Below is the NGINX's conf.

upstream gunicorn {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name mydomain;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mydomain;

    ...
}

server {
    listen 8000 ssl;
    server_name mydomain;

    ...

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://gunicorn;
    }
    ...
}

Below is the GUnicorn's conf.

...
ExecStart=/home/ubuntu/VENV/bin/gunicorn --workers 3 --bind 127.0.0.1:8080:/home/ubuntu/django_path/gunicorn.sock api.wsgi:application
...