I'm having issues with nginx and 302 redirects to files that are behind multiple redirects.

So I'm trying to proxy this request and get a 502 Bad Gateway.

    location /85319 {
        proxy_pass https://traffic.omny.fm/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        recursive_error_pages on;
        proxy_intercept_errors on;
        error_page 301 302 307 = @handle_redirects;
    }

    location @handle_redirects {
        resolver 8.8.8.8;
        set $saved_redirect_location '$upstream_http_location';
        proxy_pass $saved_redirect_location;
    }
}

I can access the origin URL via GET, no problem:

    wget 'https://traffic.omny.fm/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63'

The error log from nginx shows the following:

2020/09/28 20:32:15 [error] 32688#32688: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://104.22.5.5:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://104.22.4.5:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://172.67.7.242:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 connect() to [2606:4700:10::6816:505]:443 failed (101: Network is unreachable) while connecting to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://[2606:4700:10::6816:505]:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 connect() to [2606:4700:10::6816:405]:443 failed (101: Network is unreachable) while connecting to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://[2606:4700:10::6816:405]:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 connect() to [2606:4700:10::ac43:7f2]:443 failed (101: Network is unreachable) while connecting to upstream, client: 64.225.106.108, server: dglnx.goloudnow.com, request: "GET /85319 HTTP/1.1", upstream: "https://[2606:4700:10::ac43:7f2]:443/d/clips/aaea4e69-af51-495e-afc9-a9760146922b/64b5de49-d653-47c4-afe1-ab0600144b4b/5b5cfa2a-6310-46d0-85ce-ac320137afbc/audio.mp3?utm_source=Podcast&in_playlist=87b34f0a-5ff9-491e-957c-ab0600144b63", host: "64.225.106.108"

It seems to me like nginx is trying to connect to the resolved IP address of the host that it is meant to be redirecting to. Because this host is behind Cloudflare, which does not allow direct IP access, it cannot serve the request.

Any idea how to make nginx follow the redirected hostname (like wget) rather than the IP of the Cloudflare/CloudFront host?

Tero Kilkanen
Saimon

1 Answer

Both nginx and curl connect exactly the same way to the upstream. They resolve the IP address with a DNS query and then connect to the IP address.

In your case, it seems that there are issues with IPv6 routing on the server, and Cloudflare's servers aren't reachable with IPv6. You need to discuss this with your service provider so they can fix it.

Tero Kilkanen
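
A triage sketch for the error log in the question, added here as an example (not code from the post or the answer): it groups nginx upstream failures by address family and by the stage that failed, which on the log shown separates the IPv4 TLS-handshake alerts from the IPv6 connect errors. The sample lines are abridged from the question's log, and `classify` and `summary` are names chosen for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: abridged from the error log in the question
# (paths shortened to "/d/clips/..."; addresses are the ones shown there).
SAMPLE_LOG = """\
2020/09/28 20:32:15 [error] 32688#32688: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 64.225.106.108, request: "GET /85319 HTTP/1.1", upstream: "https://104.22.5.5:443/d/clips/...", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 SSL_do_handshake() failed (SSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure) while SSL handshaking to upstream, client: 64.225.106.108, request: "GET /85319 HTTP/1.1", upstream: "https://172.67.7.242:443/d/clips/...", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 connect() to [2606:4700:10::6816:505]:443 failed (101: Network is unreachable) while connecting to upstream, client: 64.225.106.108, request: "GET /85319 HTTP/1.1", upstream: "https://[2606:4700:10::6816:505]:443/d/clips/...", host: "64.225.106.108"
2020/09/28 20:32:15 [error] 32688#32688: *1 connect() to [2606:4700:10::ac43:7f2]:443 failed (101: Network is unreachable) while connecting to upstream, client: 64.225.106.108, request: "GET /85319 HTTP/1.1", upstream: "https://[2606:4700:10::ac43:7f2]:443/d/clips/...", host: "64.225.106.108"
"""

# Captures the failure reason, the stage nginx was in, and the upstream address.
LINE_RE = re.compile(
    r'failed \((?P<reason>.*?)\) while (?P<stage>SSL handshaking|connecting) to upstream'
    r'.*?upstream: "https?://(?P<addr>\[[^\]]+\]|[^:/"]+)'
)


def classify(log_text):
    """Group upstream failures by (address family, failing stage)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an upstream connect/handshake error line
        addr = m["addr"].strip("[]")
        try:
            family = f"IPv{ipaddress.ip_address(addr).version}"
        except ValueError:
            family = "hostname"  # upstream logged by name rather than address
        stage = "tls_handshake" if m["stage"] == "SSL handshaking" else "tcp_connect"
        groups[(family, stage)].append((addr, m["reason"]))
    return dict(groups)


def summary(log_text):
    """Count failures per (address family, stage) bucket."""
    return {key: len(hits) for key, hits in classify(log_text).items()}


if __name__ == "__main__":
    for (family, stage), hits in sorted(classify(SAMPLE_LOG).items()):
        print(f"{family} {stage}: {len(hits)}")
        for addr, reason in hits:
            print(f"    {addr} -> {reason}")
```

Failures in the `tcp_connect` bucket never reached TLS, while those in `tls_handshake` connected and were then rejected by the peer, so the two buckets call for different follow-up.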