Need help configuring SSL on Apache w/ Nginx Reverse Proxy

I currently have Nginx running as a reverse proxy in front of Apache on the same server to serve static contents. i.e. Nginx listening to port 80 then proxy_pass to 127.0.0.1:8000, Apache listening to 127.0.0.1:8000.

I am trying to set up Apache to serve SSL / https content. After I set up Apache and a new virtual host to listen to :443, I am getting 502 Bad Gateway from Nginx on HTTP connections. I checked the Nginx logs and it says "connection refused while connecting to upstream http://127.0.0.1:8000".

I am not sure if I am approaching this correctly. Should Nginx listen to both 443 and 80 then both proxy_pass to 127.0.0.1:8000? Or do I set up a separate VirtualHost on Apache to listen for 443?

Current setup:

NGINX:

server {
    listen 80;
    root /www;
    index index.php index.html index.htm;
    server_name example.com;

    …..

    # PHP requests are handed to Apache on the loopback interface
    location ~ \.php$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8000;
        proxy_read_timeout 240s;
    }
}

Apache ports.conf:

NameVirtualHost 127.0.0.1:8000
Listen 127.0.0.1:8000
NameVirtualHost *:443
Listen 443
Listen 443

Apache Vhost1

ServerName example.com
ServerAlias *.example.com
DocumentRoot /www

Apache Vhost2

ServerName example.com
ServerAlias *.example.com
DocumentRoot /www

4 Replies

Simon,

It appears you have apache configured to only listen on the loopback address (127.0.0.1). Change the lines:

Listen 127.0.0.1:8000 -> Listen *:8000

and change

-> Then, restart apache and give that a shot.

Edit:

Sorry - missed the part about them being on the same server. Can you curl http://127.0.0.1:8000 and get a valid response?

@SeanTobin I think so, I'm getting a valid response. The site works fine without the second vhost enabled. Only when I enable vhost2 do I get 502 Bad Gateway from Nginx. Weird.

:~$ curl 127.0.0.1:8000
401 Authorization Required
Authorization Required
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.
Apache/2.2.14 (Ubuntu) Server at 127.0.0.1 Port 8000

The 401 error will cause nginx to reply with a bad gateway. If you can get it to work without apache listening on 443, I'd do that. You can set up nginx to listen on both 80 and 443 and do all your https encryption in nginx. You can use the same backend for both servers.

I just ended up having NGINX listen to 443 as well, and then it just worked.

I added in bold:

server {
    listen 80;
    listen 443 default ssl;              # added (marked in bold in the post)
    ssl_certificate example.crt;         # added (marked in bold in the post)
    ssl_certificate_key example.key;     # added (marked in bold in the post)
    root /www;
    index index.php index.html index.htm;
    server_name example.com;

    …..

    # Both HTTP and HTTPS requests go to the same Apache backend
    location ~ \.php$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8000;
        proxy_read_timeout 240s;
    }
}
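
The arrangement the last two replies settle on, TLS terminated in Nginx with a single plain-HTTP Apache backend on loopback, written out in full as an added example (not posted by anyone in this thread). The certificate paths, the `ssl_protocols` line, the HTTP-to-HTTPS redirect and the `X-Forwarded-Proto` header are assumptions that go beyond what the thread shows.

```nginx
# Added example: TLS termination in Nginx; Apache stays on 127.0.0.1:8000.
# File paths are placeholders (assumptions), not values from the thread.

# Port 80 only redirects to HTTPS (assumption: the site should be HTTPS-only;
# to serve both schemes instead, drop this block and add "listen 80;" below).
server {
    listen 80;
    server_name example.com;
    # $server_name, not $host, so a forged Host header cannot steer the redirect
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.key;  # placeholder path; readable by root only
    ssl_protocols       TLSv1.2 TLSv1.3;             # assumption: current Nginx/OpenSSL, no legacy clients

    root  /www;
    index index.php index.html index.htm;

    location ~ \.php$ {
        # The hop to the backend is plain HTTP over loopback, so Apache
        # needs no :443 listener and no certificate of its own.
        proxy_pass http://127.0.0.1:8000;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        # Overwrite rather than append, so a client-supplied
        # X-Forwarded-For value never reaches the backend.
        proxy_set_header X-Forwarded-For   $remote_addr;
        # Tells the backend the client connection was HTTPS, so it can
        # generate https:// URLs and mark cookies Secure.
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_read_timeout 240s;
    }
}
```

Check the file with `nginx -t` before reloading; with this layout the Apache `Listen 443` lines and the second vhost are no longer needed.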
