
I am using nginx as a load balancer for a tomcat6 web server. Both nginx and tomcat6 have been configured to use only HTTPS. The nginx configuration is given in the following two files.

nginx.conf

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # nginx-naxsi config
        ##
        # Uncomment it if you installed nginx-naxsi
# Main nginx.conf: process-level settings, the events context, and the http
# context whose settings are inherited by every included virtual host.
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # NOTE(review): server_tokens is left at its default (on), so the nginx
        # version appears in the Server header and on generated error pages such
        # as the 502 page; uncommenting the next line hides it.
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        # NOTE(review): with only "gzip on" set, compression also applies to
        # responses served over HTTPS. Where a response reflects request data
        # next to a secret (for example a CSRF token), compressing it is the
        # precondition for BREACH-style side channels; confirm this is
        # acceptable for the proxied application.
        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # nginx-naxsi config
        ##
        # Uncomment it if you installed nginx-naxsi
        # NOTE(review): the two commented lines below are Passenger settings
        # although the heading says nginx-naxsi; both are inactive.
        #passenger_root /usr;
        #passenger_ruby /usr/bin/ruby;

        ##
        # Virtual Host Configs
        ##

        # Every *.conf under conf.d and every file under sites-enabled is loaded
        # into this http context. A server block kept in sites-available takes
        # effect only if it is also present (typically symlinked) in sites-enabled.
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

and the sites-available/default is as follows

# Upstream group referenced by name from proxy_pass in the server block below.
upstream backend {
# NOTE(review): no port is given, and an upstream "server" entry without a port
# defaults to port 80. Combined with "proxy_pass https://backend" this makes
# nginx start a TLS handshake against port 80 rather than Tomcat's HTTPS
# listener on 443.
server 10.1.2.4;
}

# TLS-terminating virtual host that forwards every request to the upstream group.
server {


#HTTPS_ENABLED
    listen   443 ssl;
    # %SSL_CERT% / %SSL_KEY% look like template placeholders; presumably they are
    # substituted with real file paths at deploy time (confirm). The key file
    # should be readable only by the account that starts nginx.
    ssl_certificate        %SSL_CERT%;
    ssl_certificate_key    %SSL_KEY%;
    # NOTE(review): "ALL" with a short exclusion list leaves RC4-, 3DES- and
    # MD5-based suites enabled, and "!kEDH" removes the ephemeral-DH key exchange
    # that provides forward secrecy. An explicit allow-list of modern AEAD suites
    # together with "!aNULL" is the safer form.
    # NOTE(review): there is no ssl_protocols directive, so the protocol set is
    # whatever this nginx version defaults to (older releases include SSLv3);
    # pin it explicitly.
    ssl_ciphers            ALL:!ADH:!kEDH:!SSLv2:!EXPORT40:!EXP:!LOW;
    ssl_session_cache      shared:SSL:10m;
    ssl_session_timeout    10m;
#HTTPS_ENABLED


    location / {
       # The https:// scheme makes nginx speak TLS to the upstream.
       # NOTE(review): nginx does not verify the upstream certificate unless
       # proxy_ssl_verify is enabled and proxy_ssl_trusted_certificate is set
       # (on versions that support them); without that, this hop is encrypted
       # but not authenticated.
       proxy_pass https://backend;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       # $proxy_add_x_forwarded_for appends the client address to whatever
       # X-Forwarded-For header the client sent, so the backend should trust only
       # the last entry (the one added by this proxy) for logging or access
       # decisions.
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

If I connect directly to the web server using its HTTPS link, I am able to access the web application:

1) tomcat is up and running and is listening on 443

2) Nothing suspicious on access logs

But if I use the nginx URL (HTTPS), I get a "502 Bad Gateway" error. I couldn't find any errors or suspicious warnings in either access.log or error.log of nginx. What could possibly be wrong here? Please help.

ram

1 Answer


Try this:

# An upstream "server" entry without a port defaults to port 80, so the port of
# the backend's HTTPS listener has to be stated for "proxy_pass https://backend"
# to reach it.
upstream backend {
   server 10.1.2.4:443;
}

Edit: Just to be complete, I think this is also another solution:

# NOTE(review): "ssl" is not a documented parameter of the upstream "server"
# directive, so "nginx -t" is expected to reject this form. TLS towards the
# upstream is selected by the https:// scheme in proxy_pass; the upstream entry
# only needs the correct port.
upstream backend {
   server 10.1.2.4 ssl;
}
Marcel