DigitalOcean

Report this

What is the reason for this report?
Question

Enabled proxy protocol in load balancer causing CONNECT_CR_SRVR_HELLO:wrong version number error

Posted on September 5, 2019
Ubuntu 18.04
Load Balancing
DigitalOcean
Kubernetes
cyberex

By cyberex

Hi,

I have successfully installed my app on Kubernetes cluster. But I observed my app was seeing the local IP instead of actual client IP. So I enabled proxy protocol in load balancer and installed nginx-ingress as follows:

# Installing the Kubernetes Nginx Ingress Controller
helm install stable/nginx-ingress --name nginx-ingress --set controller.publishService.enabled=true,controller.config.use-forwarded-headers='"true"',controller.config.use-proxy-protocol='"true"'

But now I get the following error on accessing my API:

curl https://my-api.example.com/v3/status
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
alexdo
alexdo
June 15, 2023

Hello,

Just came across this answer and decided to write some general guidelines for anyone who comes across this in the future despite the old question.

It seems like there’s an issue with your SSL/TLS configuration. Based on the error message, it may be due to a mismatch between the supported protocol versions on the client and server side. You should check your Nginx Ingress configuration to ensure that it’s set up to handle SSL/TLS correctly.

Here’s what you may do:

  1. Verify that your secret containing the TLS certificate and key is correctly configured and mounted in the Ingress resource.
  2. Check the logs of your nginx-ingress-controller pod for errors or warnings about your TLS configuration.
  3. Update your Nginx Ingress Controller if you are using an older version, as it may have limited compatibility with newer TLS versions.

For more details on troubleshooting Nginx Ingress, refer to this DigitalOcean tutorial on configuring Nginx Ingress with Cert-Manager.

Hope that this helps!

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.