Nginx upstream to https host - ssl3_get_record:wrong version number









up vote
1
down vote

favorite












I am trying to proxy requests to a remote server, this is how I configure my Nginx



upstream myupstream 
server remote-hostname;



...



location ~ ^/(v1|v2|v3)/.*$ 

proxy_pass https://myupstream;

# also tried these options:
# proxy_ssl_server_name on;
# proxy_ssl_verify off;
# proxy_set_header Host <remote-hostname-here>;
# proxy_set_header X_FORWARDED_PROTO https;



As a result I see error 502 page and this record in error.log



2018/11/10 19:41:38 [error] 8410#8410: *1 SSL_do_handshake() failed 
(SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number)
while SSL handshaking to upstream, client: 127.0.0.1, server: <my-web-host-here>,
request: "GET /v1/some/page HTTP/1.1",
upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
host: "<my-web-host-here>"


What could cause this?



Note: This nginx proxy is on my local machine.










share|improve this question

























    up vote
    1
    down vote

    favorite












    I am trying to proxy requests to a remote server, this is how I configure my Nginx



    upstream myupstream 
    server remote-hostname;



    ...



    location ~ ^/(v1|v2|v3)/.*$ 

    proxy_pass https://myupstream;

    # also tried these options:
    # proxy_ssl_server_name on;
    # proxy_ssl_verify off;
    # proxy_set_header Host <remote-hostname-here>;
    # proxy_set_header X_FORWARDED_PROTO https;



    As a result I see error 502 page and this record in error.log



    2018/11/10 19:41:38 [error] 8410#8410: *1 SSL_do_handshake() failed 
    (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number)
    while SSL handshaking to upstream, client: 127.0.0.1, server: <my-web-host-here>,
    request: "GET /v1/some/page HTTP/1.1",
    upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
    host: "<my-web-host-here>"


    What could cause this?



    Note: This nginx proxy is on my local machine.










    share|improve this question























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I am trying to proxy requests to a remote server, this is how I configure my Nginx



      upstream myupstream 
      server remote-hostname;



      ...



      location ~ ^/(v1|v2|v3)/.*$ 

      proxy_pass https://myupstream;

      # also tried these options:
      # proxy_ssl_server_name on;
      # proxy_ssl_verify off;
      # proxy_set_header Host <remote-hostname-here>;
      # proxy_set_header X_FORWARDED_PROTO https;



      As a result I see error 502 page and this record in error.log



      2018/11/10 19:41:38 [error] 8410#8410: *1 SSL_do_handshake() failed 
      (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number)
      while SSL handshaking to upstream, client: 127.0.0.1, server: <my-web-host-here>,
      request: "GET /v1/some/page HTTP/1.1",
      upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
      host: "<my-web-host-here>"


      What could cause this?



      Note: This nginx proxy is on my local machine.










      share|improve this question













      I am trying to proxy requests to a remote server, this is how I configure my Nginx



      upstream myupstream 
      server remote-hostname;



      ...



      location ~ ^/(v1|v2|v3)/.*$ 

      proxy_pass https://myupstream;

      # also tried these options:
      # proxy_ssl_server_name on;
      # proxy_ssl_verify off;
      # proxy_set_header Host <remote-hostname-here>;
      # proxy_set_header X_FORWARDED_PROTO https;



      As a result I see error 502 page and this record in error.log



      2018/11/10 19:41:38 [error] 8410#8410: *1 SSL_do_handshake() failed 
      (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number)
      while SSL handshaking to upstream, client: 127.0.0.1, server: <my-web-host-here>,
      request: "GET /v1/some/page HTTP/1.1",
      upstream: "https://<my-web-host-ip-here>:80/v1/some/page",
      host: "<my-web-host-here>"


      What could cause this?



      Note: This nginx proxy is on my local machine.







      ssl nginx https






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 11 at 4:23









      Pavel

      1,3351326




      1,3351326






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          2
          down vote



          accepted










          upstream: "https://<my-web-host-ip-here>:80/v1/some/page", 


          It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number.






          share|improve this answer




















          • Thanks mate! I added port to upstream configuration server remote-hostname:443; and that fixed the issue as you sugested! I thought that since I am already specifying https:// in proxy_pass https://myupstream; it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port 80 in the log entry. So thank you very much, good catch!
            – Pavel
            Nov 11 at 6:40











          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245818%2fnginx-upstream-to-https-host-ssl3-get-recordwrong-version-number%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          2
          down vote



          accepted










          upstream: "https://<my-web-host-ip-here>:80/v1/some/page", 


          It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number.






          share|improve this answer




















          • Thanks mate! I added port to upstream configuration server remote-hostname:443; and that fixed the issue as you sugested! I thought that since I am already specifying https:// in proxy_pass https://myupstream; it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port 80 in the log entry. So thank you very much, good catch!
            – Pavel
            Nov 11 at 6:40















          up vote
          2
          down vote



          accepted










          upstream: "https://<my-web-host-ip-here>:80/v1/some/page", 


          It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number.






          share|improve this answer




















          • Thanks mate! I added port to upstream configuration server remote-hostname:443; and that fixed the issue as you sugested! I thought that since I am already specifying https:// in proxy_pass https://myupstream; it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port 80 in the log entry. So thank you very much, good catch!
            – Pavel
            Nov 11 at 6:40













          up vote
          2
          down vote



          accepted







          up vote
          2
          down vote



          accepted






          upstream: "https://<my-web-host-ip-here>:80/v1/some/page", 


          It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number.






          share|improve this answer












          upstream: "https://<my-web-host-ip-here>:80/v1/some/page", 


          It is not really clear to me what you are trying to achieve. But it is very unlikely that you have a HTTPS server on port 80. Port 80 is commonly used by HTTP not HTTPS. Trying to access it by HTTPS will usually result in a HTTP error response by the server which, when interpreted as the expected TLS handshake response, will result in strange error messages like ssl3_get_record:wrong version number.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 11 at 5:54









          Steffen Ullrich

          58.5k35395




          58.5k35395











          • Thanks mate! I added port to upstream configuration server remote-hostname:443; and that fixed the issue as you sugested! I thought that since I am already specifying https:// in proxy_pass https://myupstream; it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port 80 in the log entry. So thank you very much, good catch!
            – Pavel
            Nov 11 at 6:40

















          • Thanks mate! I added port to upstream configuration server remote-hostname:443; and that fixed the issue as you sugested! I thought that since I am already specifying https:// in proxy_pass https://myupstream; it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port 80 in the log entry. So thank you very much, good catch!
            – Pavel
            Nov 11 at 6:40
















          Thanks mate! I added port to upstream configuration server remote-hostname:443; and that fixed the issue as you sugested! I thought that since I am already specifying https:// in proxy_pass https://myupstream; it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port 80 in the log entry. So thank you very much, good catch!
          – Pavel
          Nov 11 at 6:40





          Thanks mate! I added port to upstream configuration server remote-hostname:443; and that fixed the issue as you sugested! I thought that since I am already specifying https:// in proxy_pass https://myupstream; it is enough for Nginx to figure out the correct port, but apparently this is not the case and I didn't notice that port 80 in the log entry. So thank you very much, good catch!
          – Pavel
          Nov 11 at 6:40


















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53245818%2fnginx-upstream-to-https-host-ssl3-get-recordwrong-version-number%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          這個網誌中的熱門文章

          How to read a connectionString WITH PROVIDER in .NET Core?

          Node.js Script on GitHub Pages or Amazon S3

          Museum of Modern and Contemporary Art of Trento and Rovereto