By joshopkins
I have followed the guide here (https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-16-04-server)
While they are using Ubuntu we are using Centos 7.2.
Going directly to apache on port 8080 or 8443 (ssl) works. Pulling static files from Nginx works as well on port 80 and 443. However once the configuration is updated to use pass php traffic to apache I get 502 Bad Gateway. I
Nginx Config
server {
listen 80;
listen 443 ssl;
server_name www.domain.com domain.com;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/ssl/domain_com.pem;
ssl_certificate_key /etc/nginx/ssl/domain_com.key;
root /data/web/corp/domain;
index index.php index.htm index.html;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
proxy_pass https://127.0.0.1:8443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ /\. {
deny all;
}
}
I have tried to set the proxy_pass to the internal IP, Public IP, domain name, and loopback ip. Seems to all be the same issue.
Apache is set to listen on 8080 and 443.
The Nginx error logs show this:
2017/03/14 23:07:52 [error] 24934#0: *306 upstream prematurely closed connection while reading response header from upstream, client: 71.25.9.17, server: www.domain.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8443/index.php", host: "www.domain.com"
Apache SSL error log:
[Tue Mar 14 23:12:36.955268 2017] [ssl:error] [pid 63873] [client 127.0.0.1:45822] AH02261: Re-negotiation handshake failed: Not accepted by client!?, referer: https://www.domain.com/favicon.ico
Apache SSL access log:
127.0.0.1 - - [14/Mar/2017:23:12:16 +0000] "GET /index.php HTTP/1.0" 403 211
I am not sure where to start as I am new to Nginx but from my reading it seems to be much better/faster at serving up static content than Apache. While our development group currently requires .htaccess we have to keep using Apache.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
If you’d like to shoot me an e-mail, you can find it in my profile (click on my username). I can make a few suggestions and we can go from there depending on what you’d like to do.
I’m pretty sure your problem comes from using HTTPS through localhost.
Since all the traffic is contained on the same server between Nginx and Apache, then you don’t really need to encrypt that traffic.
And remember to setup Apache to listen on 127.0.0.1 (known as localhost), and just HTTP port 8080. You don’t want Apache to listen on your public IP - otherwise there would be multiple ways into your system, which wouldn’t be good.
Try this instead in your Nginx php-section:
proxy_pass http://127.0.0.1:8080;
@joshopkins Have you been able to fix this yet? What’s the state of things now?
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.