Question

error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Posted June 30, 2020 152 views
Node.js

I cant access my REST API with HTTPS (HTTP works well).

root@ubuntu-s-1vcpu-1gb-nyc1-01:/var/www/html/app# curl -v -k  https://0.0.0.0:8080/api/posts
*   Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 8080 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

my config

index   index.html index.htm;

server {
    listen 80;
    server_name premonstrati2021.cz www.premonstrati2021.cz;

        location / {
            proxy_pass                    https://0.0.0.0:8080;

            proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
            proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
            proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;
            proxy_ssl_server_name on;
            proxy_ssl_verify        on;
            proxy_ssl_verify_depth  2;
            proxy_ssl_session_reuse on;
        }

    return 301 https://$server_name$request_uri;
}

server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;

        root /var/www/html/app/dist;

        server_name  premonstrati2021.cz www.premonstrati2021.cz;

        ssl_dhparam /etc/nginx/dhparam.pem
        ssl_certificate "/etc/letsencrypt/live/premonstrati2021.cz/cert.pem";
        ssl_certificate_key "/etc/letsencrypt/live/premonstrati2021.cz/privkey.pem";
        ssl_verify_client      optional;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
             ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES2$

        location / {
                proxy_pass http://0.0.0.0:8080;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
                proxy_ssl_server_name on;
        }
}

do you have any ideas?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

I found the problem - i haven’t prepared my nodejs app to listen on https port :-)

Submit an Answer